Message	Id	Version	Qualifiers	Level	Task	Opcode	Keywords	RecordId	ProviderName	ProviderId	LogName	ProcessId	ThreadId	MachineName	UserId	TimeCreated	ActivityId	RelatedActivityId	ContainerLog	MatchedQueryIds	Bookmark	LevelDisplayName	OpcodeDisplayName	TaskDisplayName	KeywordsDisplayNames	Properties
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=952aa2f5-b21c-46e9-bbc2-2b62aaf9fedc HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion=5.1.14393.1944 RunspaceId=4154fde0-06cf-42de-ba7a-d1cb00d0e0b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3578	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=952aa2f5-b21c-46e9-bbc2-2b62aaf9fedc HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3577	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=952aa2f5-b21c-46e9-bbc2-2b62aaf9fedc HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3576	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=952aa2f5-b21c-46e9-bbc2-2b62aaf9fedc HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3575	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=952aa2f5-b21c-46e9-bbc2-2b62aaf9fedc HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3574	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=952aa2f5-b21c-46e9-bbc2-2b62aaf9fedc HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3573	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=952aa2f5-b21c-46e9-bbc2-2b62aaf9fedc HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3572	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=589c379a-8476-4cc2-ae8a-29f834986a2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bbf526c6-c5e4-4ec6-b4c7-8403ad8a1869 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	3571	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589c379a-8476-4cc2-ae8a-29f834986a2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bbf526c6-c5e4-4ec6-b4c7-8403ad8a1869 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3570	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589c379a-8476-4cc2-ae8a-29f834986a2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3569	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589c379a-8476-4cc2-ae8a-29f834986a2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3568	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589c379a-8476-4cc2-ae8a-29f834986a2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3567	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589c379a-8476-4cc2-ae8a-29f834986a2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3566	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589c379a-8476-4cc2-ae8a-29f834986a2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3565	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589c379a-8476-4cc2-ae8a-29f834986a2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3564	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589c379a-8476-4cc2-ae8a-29f834986a2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3563	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=589c379a-8476-4cc2-ae8a-29f834986a2b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3562	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=601a9225-e0d0-448d-beea-d3a5fad21a7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a74410dc-8c7c-4daf-b453-74c8a345cfeb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3561	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=601a9225-e0d0-448d-beea-d3a5fad21a7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3560	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=601a9225-e0d0-448d-beea-d3a5fad21a7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3559	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=601a9225-e0d0-448d-beea-d3a5fad21a7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3558	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=601a9225-e0d0-448d-beea-d3a5fad21a7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3557	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=601a9225-e0d0-448d-beea-d3a5fad21a7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3556	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=601a9225-e0d0-448d-beea-d3a5fad21a7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3555	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c12e4e1-5597-450c-acf2-72a1c795c7cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABZAEEATQBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAFEAQQBNAEEAQQAwAEEARABNAEEATwBRAEEAMABBAEQASQBBAE0AZwBBAHgAQQBEAE0AQQBPAEEAQQB3AEEARABnAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=cdb74abd-390f-48d5-87f0-05b85089f111 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3554	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8601b0c-402b-4afc-b49d-db6ad52aaaed HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=5cbf53b0-1035-40ef-8289-b5bc73422762 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3553	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8601b0c-402b-4afc-b49d-db6ad52aaaed HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=5cbf53b0-1035-40ef-8289-b5bc73422762 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3552	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8601b0c-402b-4afc-b49d-db6ad52aaaed HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3551	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8601b0c-402b-4afc-b49d-db6ad52aaaed HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3550	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8601b0c-402b-4afc-b49d-db6ad52aaaed HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3549	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8601b0c-402b-4afc-b49d-db6ad52aaaed HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3548	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8601b0c-402b-4afc-b49d-db6ad52aaaed HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3547	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b8601b0c-402b-4afc-b49d-db6ad52aaaed HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3546	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c12e4e1-5597-450c-acf2-72a1c795c7cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABZAEEATQBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAFEAQQBNAEEAQQAwAEEARABNAEEATwBRAEEAMABBAEQASQBBAE0AZwBBAHgAQQBEAE0AQQBPAEEAQQB3AEEARABnAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=cdb74abd-390f-48d5-87f0-05b85089f111 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3545	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c12e4e1-5597-450c-acf2-72a1c795c7cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABZAEEATQBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAFEAQQBNAEEAQQAwAEEARABNAEEATwBRAEEAMABBAEQASQBBAE0AZwBBAHgAQQBEAE0AQQBPAEEAQQB3AEEARABnAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3544	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c12e4e1-5597-450c-acf2-72a1c795c7cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABZAEEATQBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAFEAQQBNAEEAQQAwAEEARABNAEEATwBRAEEAMABBAEQASQBBAE0AZwBBAHgAQQBEAE0AQQBPAEEAQQB3AEEARABnAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3543	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c12e4e1-5597-450c-acf2-72a1c795c7cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABZAEEATQBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAFEAQQBNAEEAQQAwAEEARABNAEEATwBRAEEAMABBAEQASQBBAE0AZwBBAHgAQQBEAE0AQQBPAEEAQQB3AEEARABnAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3542	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c12e4e1-5597-450c-acf2-72a1c795c7cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABZAEEATQBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAFEAQQBNAEEAQQAwAEEARABNAEEATwBRAEEAMABBAEQASQBBAE0AZwBBAHgAQQBEAE0AQQBPAEEAQQB3AEEARABnAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3541	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c12e4e1-5597-450c-acf2-72a1c795c7cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABZAEEATQBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAFEAQQBNAEEAQQAwAEEARABNAEEATwBRAEEAMABBAEQASQBBAE0AZwBBAHgAQQBEAE0AQQBPAEEAQQB3AEEARABnAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3540	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c12e4e1-5597-450c-acf2-72a1c795c7cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABZAEEATQBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAFEAQQBNAEEAQQAwAEEARABNAEEATwBRAEEAMABBAEQASQBBAE0AZwBBAHgAQQBEAE0AQQBPAEEAQQB3AEEARABnAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3539	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7fc4c738-b98d-4422-873c-2c81d432e814 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=03e9def7-8c40-4eb6-917d-51070070e9d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3538	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b70ec555-1276-4fbe-872d-8a8a63820b9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=646befbb-b932-406a-be01-956ed7207367 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3537	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b70ec555-1276-4fbe-872d-8a8a63820b9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3536	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b70ec555-1276-4fbe-872d-8a8a63820b9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3535	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b70ec555-1276-4fbe-872d-8a8a63820b9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3534	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b70ec555-1276-4fbe-872d-8a8a63820b9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3533	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b70ec555-1276-4fbe-872d-8a8a63820b9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3532	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b70ec555-1276-4fbe-872d-8a8a63820b9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3531	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b70ec555-1276-4fbe-872d-8a8a63820b9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3530	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b70ec555-1276-4fbe-872d-8a8a63820b9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3529	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7fc4c738-b98d-4422-873c-2c81d432e814 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=03e9def7-8c40-4eb6-917d-51070070e9d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3528	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7fc4c738-b98d-4422-873c-2c81d432e814 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3527	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7fc4c738-b98d-4422-873c-2c81d432e814 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3526	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7fc4c738-b98d-4422-873c-2c81d432e814 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3525	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7fc4c738-b98d-4422-873c-2c81d432e814 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3524	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7fc4c738-b98d-4422-873c-2c81d432e814 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3523	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7fc4c738-b98d-4422-873c-2c81d432e814 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3522	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48cba4b0-6a83-4a1c-a798-7f4e1bd90e4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=f50fa92c-21bc-45b5-a968-899273138c61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3521	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48cba4b0-6a83-4a1c-a798-7f4e1bd90e4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=f50fa92c-21bc-45b5-a968-899273138c61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3520	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48cba4b0-6a83-4a1c-a798-7f4e1bd90e4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3519	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48cba4b0-6a83-4a1c-a798-7f4e1bd90e4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3518	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48cba4b0-6a83-4a1c-a798-7f4e1bd90e4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3517	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48cba4b0-6a83-4a1c-a798-7f4e1bd90e4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3516	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48cba4b0-6a83-4a1c-a798-7f4e1bd90e4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3515	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=48cba4b0-6a83-4a1c-a798-7f4e1bd90e4f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADYAMQAuADEANAAtADQAMAA0ADMAOQA0ADIAMgAxADMAOAAwADgAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3514	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fad67bff-7da6-4ead-8c2c-4636235a0cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b1264abb-9058-4964-a5e5-195d2940a896 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3513	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2daccd70-443a-4cff-aa02-ed4abcbf77ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f5837962-81a4-46e0-be7a-dc2f82d3b7cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3512	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2daccd70-443a-4cff-aa02-ed4abcbf77ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3511	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2daccd70-443a-4cff-aa02-ed4abcbf77ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3510	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2daccd70-443a-4cff-aa02-ed4abcbf77ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3509	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2daccd70-443a-4cff-aa02-ed4abcbf77ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3508	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2daccd70-443a-4cff-aa02-ed4abcbf77ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3507	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2daccd70-443a-4cff-aa02-ed4abcbf77ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3506	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2daccd70-443a-4cff-aa02-ed4abcbf77ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3505	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2daccd70-443a-4cff-aa02-ed4abcbf77ac HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3504	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fad67bff-7da6-4ead-8c2c-4636235a0cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b1264abb-9058-4964-a5e5-195d2940a896 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3503	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fad67bff-7da6-4ead-8c2c-4636235a0cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3502	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fad67bff-7da6-4ead-8c2c-4636235a0cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3501	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fad67bff-7da6-4ead-8c2c-4636235a0cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3500	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fad67bff-7da6-4ead-8c2c-4636235a0cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3499	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fad67bff-7da6-4ead-8c2c-4636235a0cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3498	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fad67bff-7da6-4ead-8c2c-4636235a0cb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3497	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0144742-fa16-42a1-a4e5-a7f6bfdfe459 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAGcAQQB4AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE4AQQBBAHcAQQBEAFEAQQBNAHcAQQA1AEEARABRAEEATQBnAEEAeQBBAEQARQBBAE0AdwBBADQAQQBEAEEAQQBPAEEAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=8c4f6916-91bc-4b1c-9d21-12135bb26e5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3496	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92798857-69ce-4fc3-bb18-8f55f44fd2d0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANgAxAC4AMQA0AC0ANAAwADQAMwA5ADQAMgAyADEAMwA4ADAAOAAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=993c95e5-4e86-47c4-bb10-6ed278649dcc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3495	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92798857-69ce-4fc3-bb18-8f55f44fd2d0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANgAxAC4AMQA0AC0ANAAwADQAMwA5ADQAMgAyADEAMwA4ADAAOAAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=993c95e5-4e86-47c4-bb10-6ed278649dcc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3494	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92798857-69ce-4fc3-bb18-8f55f44fd2d0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANgAxAC4AMQA0AC0ANAAwADQAMwA5ADQAMgAyADEAMwA4ADAAOAAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3493	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92798857-69ce-4fc3-bb18-8f55f44fd2d0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANgAxAC4AMQA0AC0ANAAwADQAMwA5ADQAMgAyADEAMwA4ADAAOAAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3492	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92798857-69ce-4fc3-bb18-8f55f44fd2d0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANgAxAC4AMQA0AC0ANAAwADQAMwA5ADQAMgAyADEAMwA4ADAAOAAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3491	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92798857-69ce-4fc3-bb18-8f55f44fd2d0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANgAxAC4AMQA0AC0ANAAwADQAMwA5ADQAMgAyADEAMwA4ADAAOAAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3490	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92798857-69ce-4fc3-bb18-8f55f44fd2d0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANgAxAC4AMQA0AC0ANAAwADQAMwA5ADQAMgAyADEAMwA4ADAAOAAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3489	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92798857-69ce-4fc3-bb18-8f55f44fd2d0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANgAxAC4AMQA0AC0ANAAwADQAMwA5ADQAMgAyADEAMwA4ADAAOAAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3488	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0144742-fa16-42a1-a4e5-a7f6bfdfe459 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAGcAQQB4AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE4AQQBBAHcAQQBEAFEAQQBNAHcAQQA1AEEARABRAEEATQBnAEEAeQBBAEQARQBBAE0AdwBBADQAQQBEAEEAQQBPAEEAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=8c4f6916-91bc-4b1c-9d21-12135bb26e5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3487	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0144742-fa16-42a1-a4e5-a7f6bfdfe459 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAGcAQQB4AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE4AQQBBAHcAQQBEAFEAQQBNAHcAQQA1AEEARABRAEEATQBnAEEAeQBBAEQARQBBAE0AdwBBADQAQQBEAEEAQQBPAEEAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3486	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0144742-fa16-42a1-a4e5-a7f6bfdfe459 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAGcAQQB4AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE4AQQBBAHcAQQBEAFEAQQBNAHcAQQA1AEEARABRAEEATQBnAEEAeQBBAEQARQBBAE0AdwBBADQAQQBEAEEAQQBPAEEAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3485	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0144742-fa16-42a1-a4e5-a7f6bfdfe459 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAGcAQQB4AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE4AQQBBAHcAQQBEAFEAQQBNAHcAQQA1AEEARABRAEEATQBnAEEAeQBBAEQARQBBAE0AdwBBADQAQQBEAEEAQQBPAEEAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3484	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0144742-fa16-42a1-a4e5-a7f6bfdfe459 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAGcAQQB4AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE4AQQBBAHcAQQBEAFEAQQBNAHcAQQA1AEEARABRAEEATQBnAEEAeQBBAEQARQBBAE0AdwBBADQAQQBEAEEAQQBPAEEAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3483	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0144742-fa16-42a1-a4e5-a7f6bfdfe459 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAGcAQQB4AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE4AQQBBAHcAQQBEAFEAQQBNAHcAQQA1AEEARABRAEEATQBnAEEAeQBBAEQARQBBAE0AdwBBADQAQQBEAEEAQQBPAEEAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3482	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0144742-fa16-42a1-a4e5-a7f6bfdfe459 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAGcAQQB4AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE4AQQBBAHcAQQBEAFEAQQBNAHcAQQA1AEEARABRAEEATQBnAEEAeQBBAEQARQBBAE0AdwBBADQAQQBEAEEAQQBPAEEAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3481	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f27b7ac5-fe3a-46b0-93e2-4e9f5f104dcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATgB3AEEAdQBBAEQAQQBBAEwAUQBBAHkAQQBEAGMAQQBOAEEAQQB4AEEARABFAEEATQBBAEEAMABBAEQAQQBBAE4AZwBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABBAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion=5.1.14393.1944 RunspaceId=7a574fc5-b1d5-4c85-ba6f-95988fee51c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3480	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a80f8a12-9e83-4a94-8998-bcc5b70e8750 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion=5.1.14393.1944 RunspaceId=674e2cdf-9404-46ee-8d0f-d94dc9bb5631 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3479	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a80f8a12-9e83-4a94-8998-bcc5b70e8750 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion=5.1.14393.1944 RunspaceId=674e2cdf-9404-46ee-8d0f-d94dc9bb5631 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3478	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a80f8a12-9e83-4a94-8998-bcc5b70e8750 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3477	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a80f8a12-9e83-4a94-8998-bcc5b70e8750 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3476	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a80f8a12-9e83-4a94-8998-bcc5b70e8750 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3475	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a80f8a12-9e83-4a94-8998-bcc5b70e8750 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3474	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a80f8a12-9e83-4a94-8998-bcc5b70e8750 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3473	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a80f8a12-9e83-4a94-8998-bcc5b70e8750 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3472	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f27b7ac5-fe3a-46b0-93e2-4e9f5f104dcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATgB3AEEAdQBBAEQAQQBBAEwAUQBBAHkAQQBEAGMAQQBOAEEAQQB4AEEARABFAEEATQBBAEEAMABBAEQAQQBBAE4AZwBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABBAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion=5.1.14393.1944 RunspaceId=7a574fc5-b1d5-4c85-ba6f-95988fee51c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3471	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f27b7ac5-fe3a-46b0-93e2-4e9f5f104dcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATgB3AEEAdQBBAEQAQQBBAEwAUQBBAHkAQQBEAGMAQQBOAEEAQQB4AEEARABFAEEATQBBAEEAMABBAEQAQQBBAE4AZwBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABBAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3470	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f27b7ac5-fe3a-46b0-93e2-4e9f5f104dcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATgB3AEEAdQBBAEQAQQBBAEwAUQBBAHkAQQBEAGMAQQBOAEEAQQB4AEEARABFAEEATQBBAEEAMABBAEQAQQBBAE4AZwBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABBAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3469	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f27b7ac5-fe3a-46b0-93e2-4e9f5f104dcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATgB3AEEAdQBBAEQAQQBBAEwAUQBBAHkAQQBEAGMAQQBOAEEAQQB4AEEARABFAEEATQBBAEEAMABBAEQAQQBBAE4AZwBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABBAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3468	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f27b7ac5-fe3a-46b0-93e2-4e9f5f104dcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATgB3AEEAdQBBAEQAQQBBAEwAUQBBAHkAQQBEAGMAQQBOAEEAQQB4AEEARABFAEEATQBBAEEAMABBAEQAQQBBAE4AZwBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABBAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3467	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f27b7ac5-fe3a-46b0-93e2-4e9f5f104dcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATgB3AEEAdQBBAEQAQQBBAEwAUQBBAHkAQQBEAGMAQQBOAEEAQQB4AEEARABFAEEATQBBAEEAMABBAEQAQQBBAE4AZwBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABBAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3466	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f27b7ac5-fe3a-46b0-93e2-4e9f5f104dcb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATgB3AEEAdQBBAEQAQQBBAEwAUQBBAHkAQQBEAGMAQQBOAEEAQQB4AEEARABFAEEATQBBAEEAMABBAEQAQQBBAE4AZwBBAHcAQQBEAFEAQQBPAFEAQQB5AEEARABBAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3465	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cbcfe05-4faa-41ac-b9ec-236127f48fda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7f86af9b-50dc-408e-ab62-b90e412097b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3464	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=891d8f51-e5f6-4d95-9ebb-e827ba8e5e0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=22ec8770-a3a5-481b-8d92-e5ab3bc94e49 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3463	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=891d8f51-e5f6-4d95-9ebb-e827ba8e5e0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3462	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=891d8f51-e5f6-4d95-9ebb-e827ba8e5e0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3461	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=891d8f51-e5f6-4d95-9ebb-e827ba8e5e0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3460	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=891d8f51-e5f6-4d95-9ebb-e827ba8e5e0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3459	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=891d8f51-e5f6-4d95-9ebb-e827ba8e5e0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3458	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=891d8f51-e5f6-4d95-9ebb-e827ba8e5e0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3457	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=891d8f51-e5f6-4d95-9ebb-e827ba8e5e0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3456	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=891d8f51-e5f6-4d95-9ebb-e827ba8e5e0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3455	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cbcfe05-4faa-41ac-b9ec-236127f48fda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7f86af9b-50dc-408e-ab62-b90e412097b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3454	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cbcfe05-4faa-41ac-b9ec-236127f48fda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3453	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cbcfe05-4faa-41ac-b9ec-236127f48fda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3452	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cbcfe05-4faa-41ac-b9ec-236127f48fda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3451	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cbcfe05-4faa-41ac-b9ec-236127f48fda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3450	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cbcfe05-4faa-41ac-b9ec-236127f48fda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3449	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6cbcfe05-4faa-41ac-b9ec-236127f48fda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3448	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d999d470-432b-4692-8802-816eae9b9a49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion=5.1.14393.1944 RunspaceId=5bfb9d58-480f-4a95-8e10-d0e94da0fde5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3447	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d999d470-432b-4692-8802-816eae9b9a49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion=5.1.14393.1944 RunspaceId=5bfb9d58-480f-4a95-8e10-d0e94da0fde5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3446	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d999d470-432b-4692-8802-816eae9b9a49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3445	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d999d470-432b-4692-8802-816eae9b9a49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3444	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d999d470-432b-4692-8802-816eae9b9a49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3443	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d999d470-432b-4692-8802-816eae9b9a49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3442	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d999d470-432b-4692-8802-816eae9b9a49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3441	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d999d470-432b-4692-8802-816eae9b9a49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUANwAuADAALQAyADcANAAxADEAMAA0ADAANgAwADQAOQAyADAAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3440	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c18c0a9-1d49-4b2d-92d7-62ecfdca9308 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2f38447d-ae93-48ef-b9cb-7c204188f74f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3439	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67182bc8-5bf2-43b4-a7e8-70bc489cabe9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f10d654c-a13a-48c2-94a6-28c510981fc5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3438	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67182bc8-5bf2-43b4-a7e8-70bc489cabe9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3437	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67182bc8-5bf2-43b4-a7e8-70bc489cabe9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3436	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67182bc8-5bf2-43b4-a7e8-70bc489cabe9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3435	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67182bc8-5bf2-43b4-a7e8-70bc489cabe9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3434	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67182bc8-5bf2-43b4-a7e8-70bc489cabe9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3433	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67182bc8-5bf2-43b4-a7e8-70bc489cabe9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3432	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67182bc8-5bf2-43b4-a7e8-70bc489cabe9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3431	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=67182bc8-5bf2-43b4-a7e8-70bc489cabe9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3430	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c18c0a9-1d49-4b2d-92d7-62ecfdca9308 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2f38447d-ae93-48ef-b9cb-7c204188f74f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3429	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c18c0a9-1d49-4b2d-92d7-62ecfdca9308 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3428	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c18c0a9-1d49-4b2d-92d7-62ecfdca9308 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3427	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c18c0a9-1d49-4b2d-92d7-62ecfdca9308 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3426	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c18c0a9-1d49-4b2d-92d7-62ecfdca9308 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3425	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c18c0a9-1d49-4b2d-92d7-62ecfdca9308 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3424	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5c18c0a9-1d49-4b2d-92d7-62ecfdca9308 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3423	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f1cfd49-67f0-401a-b45c-fafe6b608cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQAzAEEAQwA0AEEATQBBAEEAdABBAEQASQBBAE4AdwBBADAAQQBEAEUAQQBNAFEAQQB3AEEARABRAEEATQBBAEEAMgBBAEQAQQBBAE4AQQBBADUAQQBEAEkAQQBNAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion=5.1.14393.1944 RunspaceId=702f593a-747f-4dff-bca2-178e66eebf6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3422	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc5b3423-4168-4aa7-8678-f7a03cec493c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQA3AC4AMAAtADIANwA0ADEAMQAwADQAMAA2ADAANAA5ADIAMAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion=5.1.14393.1944 RunspaceId=928653c0-c974-4019-a6fa-9b2b4553fb97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3421	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc5b3423-4168-4aa7-8678-f7a03cec493c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQA3AC4AMAAtADIANwA0ADEAMQAwADQAMAA2ADAANAA5ADIAMAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion=5.1.14393.1944 RunspaceId=928653c0-c974-4019-a6fa-9b2b4553fb97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3420	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc5b3423-4168-4aa7-8678-f7a03cec493c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQA3AC4AMAAtADIANwA0ADEAMQAwADQAMAA2ADAANAA5ADIAMAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3419	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc5b3423-4168-4aa7-8678-f7a03cec493c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQA3AC4AMAAtADIANwA0ADEAMQAwADQAMAA2ADAANAA5ADIAMAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3418	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc5b3423-4168-4aa7-8678-f7a03cec493c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQA3AC4AMAAtADIANwA0ADEAMQAwADQAMAA2ADAANAA5ADIAMAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3417	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc5b3423-4168-4aa7-8678-f7a03cec493c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQA3AC4AMAAtADIANwA0ADEAMQAwADQAMAA2ADAANAA5ADIAMAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3416	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc5b3423-4168-4aa7-8678-f7a03cec493c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQA3AC4AMAAtADIANwA0ADEAMQAwADQAMAA2ADAANAA5ADIAMAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3415	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bc5b3423-4168-4aa7-8678-f7a03cec493c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQA3AC4AMAAtADIANwA0ADEAMQAwADQAMAA2ADAANAA5ADIAMAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3414	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f1cfd49-67f0-401a-b45c-fafe6b608cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQAzAEEAQwA0AEEATQBBAEEAdABBAEQASQBBAE4AdwBBADAAQQBEAEUAQQBNAFEAQQB3AEEARABRAEEATQBBAEEAMgBBAEQAQQBBAE4AQQBBADUAQQBEAEkAQQBNAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion=5.1.14393.1944 RunspaceId=702f593a-747f-4dff-bca2-178e66eebf6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3413	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f1cfd49-67f0-401a-b45c-fafe6b608cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQAzAEEAQwA0AEEATQBBAEEAdABBAEQASQBBAE4AdwBBADAAQQBEAEUAQQBNAFEAQQB3AEEARABRAEEATQBBAEEAMgBBAEQAQQBBAE4AQQBBADUAQQBEAEkAQQBNAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3412	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f1cfd49-67f0-401a-b45c-fafe6b608cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQAzAEEAQwA0AEEATQBBAEEAdABBAEQASQBBAE4AdwBBADAAQQBEAEUAQQBNAFEAQQB3AEEARABRAEEATQBBAEEAMgBBAEQAQQBBAE4AQQBBADUAQQBEAEkAQQBNAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3411	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f1cfd49-67f0-401a-b45c-fafe6b608cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQAzAEEAQwA0AEEATQBBAEEAdABBAEQASQBBAE4AdwBBADAAQQBEAEUAQQBNAFEAQQB3AEEARABRAEEATQBBAEEAMgBBAEQAQQBBAE4AQQBBADUAQQBEAEkAQQBNAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3410	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f1cfd49-67f0-401a-b45c-fafe6b608cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQAzAEEAQwA0AEEATQBBAEEAdABBAEQASQBBAE4AdwBBADAAQQBEAEUAQQBNAFEAQQB3AEEARABRAEEATQBBAEEAMgBBAEQAQQBBAE4AQQBBADUAQQBEAEkAQQBNAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3409	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f1cfd49-67f0-401a-b45c-fafe6b608cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQAzAEEAQwA0AEEATQBBAEEAdABBAEQASQBBAE4AdwBBADAAQQBEAEUAQQBNAFEAQQB3AEEARABRAEEATQBBAEEAMgBBAEQAQQBBAE4AQQBBADUAQQBEAEkAQQBNAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3408	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f1cfd49-67f0-401a-b45c-fafe6b608cce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQAzAEEAQwA0AEEATQBBAEEAdABBAEQASQBBAE4AdwBBADAAQQBEAEUAQQBNAFEAQQB3AEEARABRAEEATQBBAEEAMgBBAEQAQQBBAE4AQQBBADUAQQBEAEkAQQBNAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3407	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e027362-2dbb-49dc-baed-af5e4d4d89ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATQBnAEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAGcAQQBNAFEAQQB5AEEARABFAEEATQBBAEEAeABBAEQAYwBBAE0AQQBBAHkAQQBEAFEAQQBOAGcAQQAzAEEARABFAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion=5.1.14393.1944 RunspaceId=887548f7-520f-46d5-a37c-adb4d68686b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3406	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa47db65-d56e-4a0c-9b33-470165ee6223 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion=5.1.14393.1944 RunspaceId=3632ae6c-6f19-4e47-88a8-4adee863902e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3405	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa47db65-d56e-4a0c-9b33-470165ee6223 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion=5.1.14393.1944 RunspaceId=3632ae6c-6f19-4e47-88a8-4adee863902e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3404	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa47db65-d56e-4a0c-9b33-470165ee6223 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3403	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa47db65-d56e-4a0c-9b33-470165ee6223 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3402	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa47db65-d56e-4a0c-9b33-470165ee6223 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3401	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa47db65-d56e-4a0c-9b33-470165ee6223 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3400	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa47db65-d56e-4a0c-9b33-470165ee6223 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3399	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa47db65-d56e-4a0c-9b33-470165ee6223 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3398	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e027362-2dbb-49dc-baed-af5e4d4d89ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATQBnAEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAGcAQQBNAFEAQQB5AEEARABFAEEATQBBAEEAeABBAEQAYwBBAE0AQQBBAHkAQQBEAFEAQQBOAGcAQQAzAEEARABFAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion=5.1.14393.1944 RunspaceId=887548f7-520f-46d5-a37c-adb4d68686b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3397	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e027362-2dbb-49dc-baed-af5e4d4d89ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATQBnAEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAGcAQQBNAFEAQQB5AEEARABFAEEATQBBAEEAeABBAEQAYwBBAE0AQQBBAHkAQQBEAFEAQQBOAGcAQQAzAEEARABFAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3396	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e027362-2dbb-49dc-baed-af5e4d4d89ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATQBnAEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAGcAQQBNAFEAQQB5AEEARABFAEEATQBBAEEAeABBAEQAYwBBAE0AQQBBAHkAQQBEAFEAQQBOAGcAQQAzAEEARABFAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3395	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e027362-2dbb-49dc-baed-af5e4d4d89ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATQBnAEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAGcAQQBNAFEAQQB5AEEARABFAEEATQBBAEEAeABBAEQAYwBBAE0AQQBBAHkAQQBEAFEAQQBOAGcAQQAzAEEARABFAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3394	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e027362-2dbb-49dc-baed-af5e4d4d89ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATQBnAEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAGcAQQBNAFEAQQB5AEEARABFAEEATQBBAEEAeABBAEQAYwBBAE0AQQBBAHkAQQBEAFEAQQBOAGcAQQAzAEEARABFAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3393	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e027362-2dbb-49dc-baed-af5e4d4d89ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATQBnAEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAGcAQQBNAFEAQQB5AEEARABFAEEATQBBAEEAeABBAEQAYwBBAE0AQQBBAHkAQQBEAFEAQQBOAGcAQQAzAEEARABFAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3392	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e027362-2dbb-49dc-baed-af5e4d4d89ee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBOAEEAQQAzAEEARABVAEEATQBnAEEAdQBBAEQAYwBBAE4AdwBBAHQAQQBEAGcAQQBNAFEAQQB5AEEARABFAEEATQBBAEEAeABBAEQAYwBBAE0AQQBBAHkAQQBEAFEAQQBOAGcAQQAzAEEARABFAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3391	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e50e724-9c89-4401-a9ab-8950bf036eda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f9b59489-2b70-416f-b22c-fb304e6b2242 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3390	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f67ed5dd-b77a-4c6f-b0f3-8bb844e2935c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c315be2c-257a-4105-8ab7-db1b09d76b6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3389	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f67ed5dd-b77a-4c6f-b0f3-8bb844e2935c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3388	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f67ed5dd-b77a-4c6f-b0f3-8bb844e2935c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3387	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f67ed5dd-b77a-4c6f-b0f3-8bb844e2935c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3386	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f67ed5dd-b77a-4c6f-b0f3-8bb844e2935c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3385	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f67ed5dd-b77a-4c6f-b0f3-8bb844e2935c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3384	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f67ed5dd-b77a-4c6f-b0f3-8bb844e2935c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3383	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f67ed5dd-b77a-4c6f-b0f3-8bb844e2935c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3382	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f67ed5dd-b77a-4c6f-b0f3-8bb844e2935c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3381	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e50e724-9c89-4401-a9ab-8950bf036eda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f9b59489-2b70-416f-b22c-fb304e6b2242 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3380	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e50e724-9c89-4401-a9ab-8950bf036eda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3379	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e50e724-9c89-4401-a9ab-8950bf036eda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3378	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e50e724-9c89-4401-a9ab-8950bf036eda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3377	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e50e724-9c89-4401-a9ab-8950bf036eda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3376	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e50e724-9c89-4401-a9ab-8950bf036eda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3375	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8e50e724-9c89-4401-a9ab-8950bf036eda HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3374	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1d2fea21-74bc-405e-8261-bf185eb6c373 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion=5.1.14393.1944 RunspaceId=4964f9c3-c7f5-49d6-b089-f487e31fc456 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3373	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1d2fea21-74bc-405e-8261-bf185eb6c373 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion=5.1.14393.1944 RunspaceId=4964f9c3-c7f5-49d6-b089-f487e31fc456 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3372	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1d2fea21-74bc-405e-8261-bf185eb6c373 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3371	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1d2fea21-74bc-405e-8261-bf185eb6c373 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3370	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1d2fea21-74bc-405e-8261-bf185eb6c373 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3369	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1d2fea21-74bc-405e-8261-bf185eb6c373 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3368	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1d2fea21-74bc-405e-8261-bf185eb6c373 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3367	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1d2fea21-74bc-405e-8261-bf185eb6c373 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEANAA3ADUAMgAuADcANwAtADgAMQAyADEAMAAxADcAMAAyADQANgA3ADEAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3366	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a412b18f-7dc9-4150-a7b4-54eed298c534 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=43f271e9-6605-4f1d-a22f-4577d3f21b1c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3365	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9896998e-4446-457f-9fa5-4fb1c8339f7b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c70a96db-9d68-490e-9913-2f8e292b2c42 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3364	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9896998e-4446-457f-9fa5-4fb1c8339f7b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3363	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9896998e-4446-457f-9fa5-4fb1c8339f7b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3362	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9896998e-4446-457f-9fa5-4fb1c8339f7b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3361	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9896998e-4446-457f-9fa5-4fb1c8339f7b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3360	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9896998e-4446-457f-9fa5-4fb1c8339f7b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3359	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9896998e-4446-457f-9fa5-4fb1c8339f7b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3358	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9896998e-4446-457f-9fa5-4fb1c8339f7b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3357	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9896998e-4446-457f-9fa5-4fb1c8339f7b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3356	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a412b18f-7dc9-4150-a7b4-54eed298c534 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=43f271e9-6605-4f1d-a22f-4577d3f21b1c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3355	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a412b18f-7dc9-4150-a7b4-54eed298c534 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3354	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a412b18f-7dc9-4150-a7b4-54eed298c534 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3353	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a412b18f-7dc9-4150-a7b4-54eed298c534 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3352	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a412b18f-7dc9-4150-a7b4-54eed298c534 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3351	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a412b18f-7dc9-4150-a7b4-54eed298c534 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3350	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a412b18f-7dc9-4150-a7b4-54eed298c534 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3349	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=522ab969-86ad-473f-837b-fcbefc875c7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQB5AEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE8AQQBBAHgAQQBEAEkAQQBNAFEAQQB3AEEARABFAEEATgB3AEEAdwBBAEQASQBBAE4AQQBBADIAQQBEAGMAQQBNAFEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion=5.1.14393.1944 RunspaceId=be11692e-7573-40ba-a43a-3ba5006daecb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3348	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13e9585d-c1ce-43a1-8183-a26cae36a19b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQAyAC4ANwA3AC0AOAAxADIAMQAwADEANwAwADIANAA2ADcAMQAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion=5.1.14393.1944 RunspaceId=18bb4757-b8a9-4b67-80b3-1252cb1f422d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3347	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13e9585d-c1ce-43a1-8183-a26cae36a19b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQAyAC4ANwA3AC0AOAAxADIAMQAwADEANwAwADIANAA2ADcAMQAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion=5.1.14393.1944 RunspaceId=18bb4757-b8a9-4b67-80b3-1252cb1f422d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3346	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13e9585d-c1ce-43a1-8183-a26cae36a19b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQAyAC4ANwA3AC0AOAAxADIAMQAwADEANwAwADIANAA2ADcAMQAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3345	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13e9585d-c1ce-43a1-8183-a26cae36a19b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQAyAC4ANwA3AC0AOAAxADIAMQAwADEANwAwADIANAA2ADcAMQAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3344	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13e9585d-c1ce-43a1-8183-a26cae36a19b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQAyAC4ANwA3AC0AOAAxADIAMQAwADEANwAwADIANAA2ADcAMQAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3343	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13e9585d-c1ce-43a1-8183-a26cae36a19b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQAyAC4ANwA3AC0AOAAxADIAMQAwADEANwAwADIANAA2ADcAMQAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3342	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13e9585d-c1ce-43a1-8183-a26cae36a19b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQAyAC4ANwA3AC0AOAAxADIAMQAwADEANwAwADIANAA2ADcAMQAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3341	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=13e9585d-c1ce-43a1-8183-a26cae36a19b HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQA0ADcANQAyAC4ANwA3AC0AOAAxADIAMQAwADEANwAwADIANAA2ADcAMQAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3340	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=522ab969-86ad-473f-837b-fcbefc875c7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQB5AEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE8AQQBBAHgAQQBEAEkAQQBNAFEAQQB3AEEARABFAEEATgB3AEEAdwBBAEQASQBBAE4AQQBBADIAQQBEAGMAQQBNAFEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion=5.1.14393.1944 RunspaceId=be11692e-7573-40ba-a43a-3ba5006daecb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3339	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=522ab969-86ad-473f-837b-fcbefc875c7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQB5AEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE8AQQBBAHgAQQBEAEkAQQBNAFEAQQB3AEEARABFAEEATgB3AEEAdwBBAEQASQBBAE4AQQBBADIAQQBEAGMAQQBNAFEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3338	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=522ab969-86ad-473f-837b-fcbefc875c7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQB5AEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE8AQQBBAHgAQQBEAEkAQQBNAFEAQQB3AEEARABFAEEATgB3AEEAdwBBAEQASQBBAE4AQQBBADIAQQBEAGMAQQBNAFEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3337	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=522ab969-86ad-473f-837b-fcbefc875c7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQB5AEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE8AQQBBAHgAQQBEAEkAQQBNAFEAQQB3AEEARABFAEEATgB3AEEAdwBBAEQASQBBAE4AQQBBADIAQQBEAGMAQQBNAFEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3336	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=522ab969-86ad-473f-837b-fcbefc875c7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQB5AEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE8AQQBBAHgAQQBEAEkAQQBNAFEAQQB3AEEARABFAEEATgB3AEEAdwBBAEQASQBBAE4AQQBBADIAQQBEAGMAQQBNAFEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3335	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=522ab969-86ad-473f-837b-fcbefc875c7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQB5AEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE8AQQBBAHgAQQBEAEkAQQBNAFEAQQB3AEEARABFAEEATgB3AEEAdwBBAEQASQBBAE4AQQBBADIAQQBEAGMAQQBNAFEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3334	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=522ab969-86ad-473f-837b-fcbefc875c7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBADAAQQBEAGMAQQBOAFEAQQB5AEEAQwA0AEEATgB3AEEAMwBBAEMAMABBAE8AQQBBAHgAQQBEAEkAQQBNAFEAQQB3AEEARABFAEEATgB3AEEAdwBBAEQASQBBAE4AQQBBADIAQQBEAGMAQQBNAFEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3333	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=36 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=86d21e7f-fd4c-4dfc-b9d3-51e497ef9fdf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1b902aa2-49ab-4dcb-a447-405c74f75092 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3332	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=34 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=77196934-7db5-4bb5-98a6-26aa810c92a4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9dec6c62-d362-46e3-bdd4-49d7ae2f9a03 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"	800		0	4	8		36028797018963968	3331	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77196934-7db5-4bb5-98a6-26aa810c92a4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9dec6c62-d362-46e3-bdd4-49d7ae2f9a03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3330	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77196934-7db5-4bb5-98a6-26aa810c92a4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3329	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77196934-7db5-4bb5-98a6-26aa810c92a4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3328	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77196934-7db5-4bb5-98a6-26aa810c92a4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3327	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77196934-7db5-4bb5-98a6-26aa810c92a4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3326	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77196934-7db5-4bb5-98a6-26aa810c92a4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3325	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77196934-7db5-4bb5-98a6-26aa810c92a4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3324	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77196934-7db5-4bb5-98a6-26aa810c92a4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3323	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77196934-7db5-4bb5-98a6-26aa810c92a4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3322	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=86d21e7f-fd4c-4dfc-b9d3-51e497ef9fdf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1b902aa2-49ab-4dcb-a447-405c74f75092 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3321	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=86d21e7f-fd4c-4dfc-b9d3-51e497ef9fdf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3320	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=86d21e7f-fd4c-4dfc-b9d3-51e497ef9fdf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3319	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=86d21e7f-fd4c-4dfc-b9d3-51e497ef9fdf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3318	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=86d21e7f-fd4c-4dfc-b9d3-51e497ef9fdf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3317	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=86d21e7f-fd4c-4dfc-b9d3-51e497ef9fdf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3316	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=86d21e7f-fd4c-4dfc-b9d3-51e497ef9fdf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3315	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:52:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f9aeda2-00f0-4f3c-9f11-a0a18fdc1509 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=54cd7e43-d79f-4545-a1c2-7d5019f16a16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3314	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a43f336a-0eb1-4fcb-b519-a3711a4d2b82 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion=5.1.14393.1944 RunspaceId=39a748d6-bf60-4130-9165-fbbd65cf4fd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3313	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a43f336a-0eb1-4fcb-b519-a3711a4d2b82 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion=5.1.14393.1944 RunspaceId=39a748d6-bf60-4130-9165-fbbd65cf4fd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3312	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a43f336a-0eb1-4fcb-b519-a3711a4d2b82 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3311	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a43f336a-0eb1-4fcb-b519-a3711a4d2b82 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3310	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a43f336a-0eb1-4fcb-b519-a3711a4d2b82 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3309	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a43f336a-0eb1-4fcb-b519-a3711a4d2b82 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3308	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a43f336a-0eb1-4fcb-b519-a3711a4d2b82 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3307	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a43f336a-0eb1-4fcb-b519-a3711a4d2b82 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3306	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c23aed5-77b2-445e-ad3e-4efdccd2deeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=75ffeed2-d560-42ce-a71a-2ffcc3f8d2ce PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	3305	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c23aed5-77b2-445e-ad3e-4efdccd2deeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=75ffeed2-d560-42ce-a71a-2ffcc3f8d2ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3304	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c23aed5-77b2-445e-ad3e-4efdccd2deeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3303	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c23aed5-77b2-445e-ad3e-4efdccd2deeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3302	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c23aed5-77b2-445e-ad3e-4efdccd2deeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3301	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c23aed5-77b2-445e-ad3e-4efdccd2deeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3300	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c23aed5-77b2-445e-ad3e-4efdccd2deeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3299	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c23aed5-77b2-445e-ad3e-4efdccd2deeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3298	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c23aed5-77b2-445e-ad3e-4efdccd2deeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3297	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c23aed5-77b2-445e-ad3e-4efdccd2deeb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3296	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f9aeda2-00f0-4f3c-9f11-a0a18fdc1509 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=54cd7e43-d79f-4545-a1c2-7d5019f16a16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3295	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f9aeda2-00f0-4f3c-9f11-a0a18fdc1509 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3294	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f9aeda2-00f0-4f3c-9f11-a0a18fdc1509 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3293	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f9aeda2-00f0-4f3c-9f11-a0a18fdc1509 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3292	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f9aeda2-00f0-4f3c-9f11-a0a18fdc1509 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3291	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f9aeda2-00f0-4f3c-9f11-a0a18fdc1509 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3290	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4f9aeda2-00f0-4f3c-9f11-a0a18fdc1509 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3289	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=37 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92aecf06-ffcc-414e-82f4-0882a88b8751 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2ae5cfa9-c5d3-4619-bd4d-829250087da3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3288	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=35 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=469292ca-60b4-4a3c-b93e-30c8e0b56a0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fbdc84c5-1090-4e8c-bb8d-5b6672a4e15b PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $platform_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }"	800		0	4	8		36028797018963968	3287	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $link_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=469292ca-60b4-4a3c-b93e-30c8e0b56a0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fbdc84c5-1090-4e8c-bb8d-5b6672a4e15b PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $link_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }"	800		0	4	8		36028797018963968	3286	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=469292ca-60b4-4a3c-b93e-30c8e0b56a0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fbdc84c5-1090-4e8c-bb8d-5b6672a4e15b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3285	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=469292ca-60b4-4a3c-b93e-30c8e0b56a0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3284	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=469292ca-60b4-4a3c-b93e-30c8e0b56a0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3283	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=469292ca-60b4-4a3c-b93e-30c8e0b56a0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3282	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=469292ca-60b4-4a3c-b93e-30c8e0b56a0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3281	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=469292ca-60b4-4a3c-b93e-30c8e0b56a0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3280	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=469292ca-60b4-4a3c-b93e-30c8e0b56a0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3279	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=469292ca-60b4-4a3c-b93e-30c8e0b56a0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3278	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=469292ca-60b4-4a3c-b93e-30c8e0b56a0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3277	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92aecf06-ffcc-414e-82f4-0882a88b8751 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2ae5cfa9-c5d3-4619-bd4d-829250087da3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3276	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92aecf06-ffcc-414e-82f4-0882a88b8751 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3275	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92aecf06-ffcc-414e-82f4-0882a88b8751 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3274	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92aecf06-ffcc-414e-82f4-0882a88b8751 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3273	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92aecf06-ffcc-414e-82f4-0882a88b8751 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3272	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92aecf06-ffcc-414e-82f4-0882a88b8751 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3271	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92aecf06-ffcc-414e-82f4-0882a88b8751 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3270	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33217cc1-9946-43ad-8c14-93dd4220c152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3a8c9c24-6918-4427-b6a9-fc11241d2939 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3269	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e3fe256-9297-4c46-80a0-35ecd621c519 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion=5.1.14393.1944 RunspaceId=523a7b46-04c4-4b9c-b6fc-b008b6241664 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3268	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e3fe256-9297-4c46-80a0-35ecd621c519 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion=5.1.14393.1944 RunspaceId=523a7b46-04c4-4b9c-b6fc-b008b6241664 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3267	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e3fe256-9297-4c46-80a0-35ecd621c519 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3266	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e3fe256-9297-4c46-80a0-35ecd621c519 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3265	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e3fe256-9297-4c46-80a0-35ecd621c519 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3264	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e3fe256-9297-4c46-80a0-35ecd621c519 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3263	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e3fe256-9297-4c46-80a0-35ecd621c519 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3262	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e3fe256-9297-4c46-80a0-35ecd621c519 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3261	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=370b194a-9c83-4578-b337-d20e530474d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3cbf2891-327b-4cc3-a412-dca4eb0909cd PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	3260	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=370b194a-9c83-4578-b337-d20e530474d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3cbf2891-327b-4cc3-a412-dca4eb0909cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3259	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=370b194a-9c83-4578-b337-d20e530474d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3258	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=370b194a-9c83-4578-b337-d20e530474d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3257	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=370b194a-9c83-4578-b337-d20e530474d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3256	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=370b194a-9c83-4578-b337-d20e530474d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3255	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=370b194a-9c83-4578-b337-d20e530474d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3254	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=370b194a-9c83-4578-b337-d20e530474d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3253	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=370b194a-9c83-4578-b337-d20e530474d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3252	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=370b194a-9c83-4578-b337-d20e530474d0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3251	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33217cc1-9946-43ad-8c14-93dd4220c152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3a8c9c24-6918-4427-b6a9-fc11241d2939 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3250	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33217cc1-9946-43ad-8c14-93dd4220c152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3249	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33217cc1-9946-43ad-8c14-93dd4220c152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3248	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33217cc1-9946-43ad-8c14-93dd4220c152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3247	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33217cc1-9946-43ad-8c14-93dd4220c152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3246	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33217cc1-9946-43ad-8c14-93dd4220c152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3245	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=33217cc1-9946-43ad-8c14-93dd4220c152 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3244	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=37 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bbddae1e-0473-4511-91e3-1f536a0e7ba5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=334fd56a-aa14-45bf-9ad7-b2c2461e1958 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3243	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=35 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=2945cf4d-6f94-4475-af1b-b5f42209ec55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b88a4b13-8ee5-4920-b35e-6be8b592cdaf PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $platform_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }"	800		0	4	8		36028797018963968	3242	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $link_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=2945cf4d-6f94-4475-af1b-b5f42209ec55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b88a4b13-8ee5-4920-b35e-6be8b592cdaf PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $link_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }"	800		0	4	8		36028797018963968	3241	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2945cf4d-6f94-4475-af1b-b5f42209ec55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b88a4b13-8ee5-4920-b35e-6be8b592cdaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3240	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2945cf4d-6f94-4475-af1b-b5f42209ec55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3239	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2945cf4d-6f94-4475-af1b-b5f42209ec55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3238	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2945cf4d-6f94-4475-af1b-b5f42209ec55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3237	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2945cf4d-6f94-4475-af1b-b5f42209ec55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3236	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2945cf4d-6f94-4475-af1b-b5f42209ec55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3235	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2945cf4d-6f94-4475-af1b-b5f42209ec55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3234	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2945cf4d-6f94-4475-af1b-b5f42209ec55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3233	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2945cf4d-6f94-4475-af1b-b5f42209ec55 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3232	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:41:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bbddae1e-0473-4511-91e3-1f536a0e7ba5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=334fd56a-aa14-45bf-9ad7-b2c2461e1958 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3231	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bbddae1e-0473-4511-91e3-1f536a0e7ba5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3230	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bbddae1e-0473-4511-91e3-1f536a0e7ba5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3229	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bbddae1e-0473-4511-91e3-1f536a0e7ba5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3228	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bbddae1e-0473-4511-91e3-1f536a0e7ba5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3227	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bbddae1e-0473-4511-91e3-1f536a0e7ba5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3226	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bbddae1e-0473-4511-91e3-1f536a0e7ba5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3225	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92889a75-559e-4840-bfcb-e19a88e90d97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=afcdccdd-e8df-4ab6-a282-f0c387bba018 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3224	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6877530b-6a44-4717-a25d-506b7d58eaf7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion=5.1.14393.1944 RunspaceId=50a12200-0f26-426b-aa14-66dff2725f7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3223	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6877530b-6a44-4717-a25d-506b7d58eaf7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion=5.1.14393.1944 RunspaceId=50a12200-0f26-426b-aa14-66dff2725f7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3222	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6877530b-6a44-4717-a25d-506b7d58eaf7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3221	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6877530b-6a44-4717-a25d-506b7d58eaf7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3220	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6877530b-6a44-4717-a25d-506b7d58eaf7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3219	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6877530b-6a44-4717-a25d-506b7d58eaf7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3218	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6877530b-6a44-4717-a25d-506b7d58eaf7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3217	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6877530b-6a44-4717-a25d-506b7d58eaf7 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3216	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=31264047-75cd-4de6-839f-ee2955fbad91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2e2bd126-4b0b-463e-ac89-00bdd724c7c1 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	3215	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=31264047-75cd-4de6-839f-ee2955fbad91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2e2bd126-4b0b-463e-ac89-00bdd724c7c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3214	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=31264047-75cd-4de6-839f-ee2955fbad91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3213	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=31264047-75cd-4de6-839f-ee2955fbad91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3212	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=31264047-75cd-4de6-839f-ee2955fbad91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3211	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=31264047-75cd-4de6-839f-ee2955fbad91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3210	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=31264047-75cd-4de6-839f-ee2955fbad91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3209	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=31264047-75cd-4de6-839f-ee2955fbad91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3208	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=31264047-75cd-4de6-839f-ee2955fbad91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3207	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=31264047-75cd-4de6-839f-ee2955fbad91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3206	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92889a75-559e-4840-bfcb-e19a88e90d97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=afcdccdd-e8df-4ab6-a282-f0c387bba018 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3205	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92889a75-559e-4840-bfcb-e19a88e90d97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3204	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92889a75-559e-4840-bfcb-e19a88e90d97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3203	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92889a75-559e-4840-bfcb-e19a88e90d97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3202	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92889a75-559e-4840-bfcb-e19a88e90d97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3201	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92889a75-559e-4840-bfcb-e19a88e90d97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3200	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=92889a75-559e-4840-bfcb-e19a88e90d97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3199	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=37 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b581f6be-df64-406b-b3ff-344466dfa44c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d47a1d46-994e-489e-8e8a-6259836c7490 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3198	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=35 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6d1de33-94de-4913-9551-2bb6f392bc6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d87f4b29-0e26-4ff0-b0f2-c40dd8f7b44c PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $platform_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }"	800		0	4	8		36028797018963968	3197	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $link_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6d1de33-94de-4913-9551-2bb6f392bc6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d87f4b29-0e26-4ff0-b0f2-c40dd8f7b44c PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $link_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }"	800		0	4	8		36028797018963968	3196	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6d1de33-94de-4913-9551-2bb6f392bc6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d87f4b29-0e26-4ff0-b0f2-c40dd8f7b44c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3195	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6d1de33-94de-4913-9551-2bb6f392bc6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3194	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6d1de33-94de-4913-9551-2bb6f392bc6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3193	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6d1de33-94de-4913-9551-2bb6f392bc6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3192	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6d1de33-94de-4913-9551-2bb6f392bc6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3191	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6d1de33-94de-4913-9551-2bb6f392bc6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3190	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6d1de33-94de-4913-9551-2bb6f392bc6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3189	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6d1de33-94de-4913-9551-2bb6f392bc6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3188	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6d1de33-94de-4913-9551-2bb6f392bc6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3187	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b581f6be-df64-406b-b3ff-344466dfa44c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d47a1d46-994e-489e-8e8a-6259836c7490 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3186	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b581f6be-df64-406b-b3ff-344466dfa44c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3185	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b581f6be-df64-406b-b3ff-344466dfa44c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3184	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b581f6be-df64-406b-b3ff-344466dfa44c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3183	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b581f6be-df64-406b-b3ff-344466dfa44c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3182	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b581f6be-df64-406b-b3ff-344466dfa44c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3181	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b581f6be-df64-406b-b3ff-344466dfa44c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3180	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed0af552-f381-416e-adc2-c5f75d5d8eb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9c2f41ed-e9fa-4e9c-ad7a-333287d36c40 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3179	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f85bf3d-3ae2-4e69-af03-d3415586bcaa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion=5.1.14393.1944 RunspaceId=1d5ba6e0-f661-4d6b-9ce5-50761e4a1186 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3178	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f85bf3d-3ae2-4e69-af03-d3415586bcaa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion=5.1.14393.1944 RunspaceId=1d5ba6e0-f661-4d6b-9ce5-50761e4a1186 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3177	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f85bf3d-3ae2-4e69-af03-d3415586bcaa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3176	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f85bf3d-3ae2-4e69-af03-d3415586bcaa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3175	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f85bf3d-3ae2-4e69-af03-d3415586bcaa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3174	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f85bf3d-3ae2-4e69-af03-d3415586bcaa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3173	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f85bf3d-3ae2-4e69-af03-d3415586bcaa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3172	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0f85bf3d-3ae2-4e69-af03-d3415586bcaa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3171	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=80185017-8cc5-44b9-9ad5-09f4cf678ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ed16ce5e-8f1d-469f-8faa-d0a4899324e8 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	3170	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=80185017-8cc5-44b9-9ad5-09f4cf678ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ed16ce5e-8f1d-469f-8faa-d0a4899324e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3169	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=80185017-8cc5-44b9-9ad5-09f4cf678ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3168	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=80185017-8cc5-44b9-9ad5-09f4cf678ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3167	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=80185017-8cc5-44b9-9ad5-09f4cf678ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3166	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=80185017-8cc5-44b9-9ad5-09f4cf678ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3165	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=80185017-8cc5-44b9-9ad5-09f4cf678ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3164	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=80185017-8cc5-44b9-9ad5-09f4cf678ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3163	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=80185017-8cc5-44b9-9ad5-09f4cf678ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3162	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=80185017-8cc5-44b9-9ad5-09f4cf678ad1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3161	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed0af552-f381-416e-adc2-c5f75d5d8eb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9c2f41ed-e9fa-4e9c-ad7a-333287d36c40 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3160	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed0af552-f381-416e-adc2-c5f75d5d8eb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3159	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed0af552-f381-416e-adc2-c5f75d5d8eb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3158	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed0af552-f381-416e-adc2-c5f75d5d8eb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3157	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed0af552-f381-416e-adc2-c5f75d5d8eb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3156	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed0af552-f381-416e-adc2-c5f75d5d8eb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3155	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ed0af552-f381-416e-adc2-c5f75d5d8eb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3154	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=37 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=455550ac-ef1b-4695-8289-d5bdfbd13a5d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5433e267-c053-4614-aed5-0ddae29c678b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3153	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=35 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1950086-e253-4ba8-9aca-63a650418c0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=de0d18eb-14a6-4cac-858c-e23c56c2af4a PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $platform_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }"	800		0	4	8		36028797018963968	3152	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $link_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1950086-e253-4ba8-9aca-63a650418c0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=de0d18eb-14a6-4cac-858c-e23c56c2af4a PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $link_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }"	800		0	4	8		36028797018963968	3151	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1950086-e253-4ba8-9aca-63a650418c0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=de0d18eb-14a6-4cac-858c-e23c56c2af4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3150	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1950086-e253-4ba8-9aca-63a650418c0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3149	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1950086-e253-4ba8-9aca-63a650418c0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3148	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1950086-e253-4ba8-9aca-63a650418c0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3147	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1950086-e253-4ba8-9aca-63a650418c0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3146	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1950086-e253-4ba8-9aca-63a650418c0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3145	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1950086-e253-4ba8-9aca-63a650418c0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3144	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1950086-e253-4ba8-9aca-63a650418c0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3143	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d1950086-e253-4ba8-9aca-63a650418c0b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3142	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=455550ac-ef1b-4695-8289-d5bdfbd13a5d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5433e267-c053-4614-aed5-0ddae29c678b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3141	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=455550ac-ef1b-4695-8289-d5bdfbd13a5d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3140	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=455550ac-ef1b-4695-8289-d5bdfbd13a5d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3139	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=455550ac-ef1b-4695-8289-d5bdfbd13a5d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3138	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=455550ac-ef1b-4695-8289-d5bdfbd13a5d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3137	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=455550ac-ef1b-4695-8289-d5bdfbd13a5d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3136	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=455550ac-ef1b-4695-8289-d5bdfbd13a5d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3135	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=171b91e0-71b3-4737-967e-105c26bb3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=419fc027-4ab6-4836-b443-34ab91bcdc65 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3134	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec0ac859-67de-41b2-b11e-93d49a287e9e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion=5.1.14393.1944 RunspaceId=4167f489-5bf5-4a7b-ba19-bc0f4a5668bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3133	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec0ac859-67de-41b2-b11e-93d49a287e9e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion=5.1.14393.1944 RunspaceId=4167f489-5bf5-4a7b-ba19-bc0f4a5668bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3132	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec0ac859-67de-41b2-b11e-93d49a287e9e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3131	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec0ac859-67de-41b2-b11e-93d49a287e9e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3130	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec0ac859-67de-41b2-b11e-93d49a287e9e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3129	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec0ac859-67de-41b2-b11e-93d49a287e9e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3128	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec0ac859-67de-41b2-b11e-93d49a287e9e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3127	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ec0ac859-67de-41b2-b11e-93d49a287e9e HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3126	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6962dbe-8fe3-481d-8dbc-cb1ee8b7f471 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=de32a039-fba3-4e4f-97a8-24d11ad15570 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	3125	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6962dbe-8fe3-481d-8dbc-cb1ee8b7f471 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=de32a039-fba3-4e4f-97a8-24d11ad15570 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3124	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6962dbe-8fe3-481d-8dbc-cb1ee8b7f471 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3123	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6962dbe-8fe3-481d-8dbc-cb1ee8b7f471 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3122	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6962dbe-8fe3-481d-8dbc-cb1ee8b7f471 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3121	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6962dbe-8fe3-481d-8dbc-cb1ee8b7f471 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3120	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6962dbe-8fe3-481d-8dbc-cb1ee8b7f471 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3119	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6962dbe-8fe3-481d-8dbc-cb1ee8b7f471 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3118	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6962dbe-8fe3-481d-8dbc-cb1ee8b7f471 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3117	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6962dbe-8fe3-481d-8dbc-cb1ee8b7f471 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3116	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=171b91e0-71b3-4737-967e-105c26bb3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=419fc027-4ab6-4836-b443-34ab91bcdc65 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3115	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=171b91e0-71b3-4737-967e-105c26bb3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3114	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=171b91e0-71b3-4737-967e-105c26bb3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3113	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=171b91e0-71b3-4737-967e-105c26bb3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3112	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=171b91e0-71b3-4737-967e-105c26bb3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3111	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=171b91e0-71b3-4737-967e-105c26bb3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3110	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=171b91e0-71b3-4737-967e-105c26bb3a61 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3109	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=37 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=39b24b2b-5381-490b-b2e2-0e52140a5f18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=30904211-eb23-4aa2-9027-7d33c8cc2dfe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3108	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=35 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f91129b-2318-4f8e-9cbe-0cca0b515127 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2d7a1a30-3ac5-4178-b55a-8f659d3bb3c8 PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $platform_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }"	800		0	4	8		36028797018963968	3107	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $link_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f91129b-2318-4f8e-9cbe-0cca0b515127 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2d7a1a30-3ac5-4178-b55a-8f659d3bb3c8 PipelineId=8 ScriptName= CommandLine= Add-Type -TypeDefinition $link_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }"	800		0	4	8		36028797018963968	3106	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f91129b-2318-4f8e-9cbe-0cca0b515127 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2d7a1a30-3ac5-4178-b55a-8f659d3bb3c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3105	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f91129b-2318-4f8e-9cbe-0cca0b515127 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3104	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f91129b-2318-4f8e-9cbe-0cca0b515127 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3103	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f91129b-2318-4f8e-9cbe-0cca0b515127 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3102	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f91129b-2318-4f8e-9cbe-0cca0b515127 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3101	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f91129b-2318-4f8e-9cbe-0cca0b515127 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3100	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f91129b-2318-4f8e-9cbe-0cca0b515127 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3099	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f91129b-2318-4f8e-9cbe-0cca0b515127 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3098	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f91129b-2318-4f8e-9cbe-0cca0b515127 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3097	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=39b24b2b-5381-490b-b2e2-0e52140a5f18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=30904211-eb23-4aa2-9027-7d33c8cc2dfe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3096	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=39b24b2b-5381-490b-b2e2-0e52140a5f18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3095	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=39b24b2b-5381-490b-b2e2-0e52140a5f18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3094	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=39b24b2b-5381-490b-b2e2-0e52140a5f18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3093	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=39b24b2b-5381-490b-b2e2-0e52140a5f18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3092	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=39b24b2b-5381-490b-b2e2-0e52140a5f18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3091	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=39b24b2b-5381-490b-b2e2-0e52140a5f18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3090	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=36 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7af10d90-4830-43be-9e19-e6f5ab54a129 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e0ec6ced-c19c-4271-823a-548263f0f4cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3089	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=34 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=f08cba78-ddb9-4461-af18-02af3aee8c52 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1ac1bc77-54a4-4f9a-a999-8f462675ff1e PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"	800		0	4	8		36028797018963968	3088	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f08cba78-ddb9-4461-af18-02af3aee8c52 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1ac1bc77-54a4-4f9a-a999-8f462675ff1e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3087	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f08cba78-ddb9-4461-af18-02af3aee8c52 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3086	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f08cba78-ddb9-4461-af18-02af3aee8c52 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3085	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f08cba78-ddb9-4461-af18-02af3aee8c52 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3084	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f08cba78-ddb9-4461-af18-02af3aee8c52 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3083	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f08cba78-ddb9-4461-af18-02af3aee8c52 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3082	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f08cba78-ddb9-4461-af18-02af3aee8c52 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3081	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f08cba78-ddb9-4461-af18-02af3aee8c52 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3080	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f08cba78-ddb9-4461-af18-02af3aee8c52 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3079	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7af10d90-4830-43be-9e19-e6f5ab54a129 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e0ec6ced-c19c-4271-823a-548263f0f4cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3078	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7af10d90-4830-43be-9e19-e6f5ab54a129 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3077	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7af10d90-4830-43be-9e19-e6f5ab54a129 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3076	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7af10d90-4830-43be-9e19-e6f5ab54a129 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3075	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7af10d90-4830-43be-9e19-e6f5ab54a129 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3074	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7af10d90-4830-43be-9e19-e6f5ab54a129 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3073	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7af10d90-4830-43be-9e19-e6f5ab54a129 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3072	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:40:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8489d81d-4e22-4038-9d91-91589fff61db HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8c422a77-12d8-47da-b80c-dd3b77e15941 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3071	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=913ca413-94ff-498b-987e-ddea0b0c42c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=33da1abe-43a3-45b4-a1d8-09f00e1b5865 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3070	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=913ca413-94ff-498b-987e-ddea0b0c42c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3069	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=913ca413-94ff-498b-987e-ddea0b0c42c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3068	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=913ca413-94ff-498b-987e-ddea0b0c42c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3067	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=913ca413-94ff-498b-987e-ddea0b0c42c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3066	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=913ca413-94ff-498b-987e-ddea0b0c42c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3065	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=913ca413-94ff-498b-987e-ddea0b0c42c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3064	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=913ca413-94ff-498b-987e-ddea0b0c42c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3063	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=913ca413-94ff-498b-987e-ddea0b0c42c4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3062	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8489d81d-4e22-4038-9d91-91589fff61db HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8c422a77-12d8-47da-b80c-dd3b77e15941 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3061	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8489d81d-4e22-4038-9d91-91589fff61db HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3060	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8489d81d-4e22-4038-9d91-91589fff61db HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3059	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8489d81d-4e22-4038-9d91-91589fff61db HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3058	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8489d81d-4e22-4038-9d91-91589fff61db HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3057	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8489d81d-4e22-4038-9d91-91589fff61db HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3056	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8489d81d-4e22-4038-9d91-91589fff61db HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3055	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51677c22-0d28-4ec0-89a1-dca55889b149 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a8ec87f4-0cd2-4d12-a01a-0f507be8d6b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3054	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d272c006-8286-4482-8786-07fcd35c8b90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9203ec21-d1f6-4752-84ea-64c92e3b7ee8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3053	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d272c006-8286-4482-8786-07fcd35c8b90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3052	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d272c006-8286-4482-8786-07fcd35c8b90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3051	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d272c006-8286-4482-8786-07fcd35c8b90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3050	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d272c006-8286-4482-8786-07fcd35c8b90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3049	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d272c006-8286-4482-8786-07fcd35c8b90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3048	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d272c006-8286-4482-8786-07fcd35c8b90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3047	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d272c006-8286-4482-8786-07fcd35c8b90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3046	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d272c006-8286-4482-8786-07fcd35c8b90 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3045	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51677c22-0d28-4ec0-89a1-dca55889b149 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a8ec87f4-0cd2-4d12-a01a-0f507be8d6b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3044	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51677c22-0d28-4ec0-89a1-dca55889b149 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3043	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51677c22-0d28-4ec0-89a1-dca55889b149 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3042	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51677c22-0d28-4ec0-89a1-dca55889b149 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3041	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51677c22-0d28-4ec0-89a1-dca55889b149 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3040	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51677c22-0d28-4ec0-89a1-dca55889b149 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3039	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51677c22-0d28-4ec0-89a1-dca55889b149 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3038	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da0c3e67-d5d7-4e53-987d-6479220f6e3b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6049cd8c-0a8e-4df6-9eb0-bb7e94728248 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3037	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77e55905-e916-4286-bbb6-13a550df6db8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=09aef221-4be2-44d5-8191-062425fd1af8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3036	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77e55905-e916-4286-bbb6-13a550df6db8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3035	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77e55905-e916-4286-bbb6-13a550df6db8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3034	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77e55905-e916-4286-bbb6-13a550df6db8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3033	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77e55905-e916-4286-bbb6-13a550df6db8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3032	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77e55905-e916-4286-bbb6-13a550df6db8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3031	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77e55905-e916-4286-bbb6-13a550df6db8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3030	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77e55905-e916-4286-bbb6-13a550df6db8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3029	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=77e55905-e916-4286-bbb6-13a550df6db8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3028	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da0c3e67-d5d7-4e53-987d-6479220f6e3b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6049cd8c-0a8e-4df6-9eb0-bb7e94728248 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3027	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da0c3e67-d5d7-4e53-987d-6479220f6e3b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3026	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da0c3e67-d5d7-4e53-987d-6479220f6e3b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3025	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da0c3e67-d5d7-4e53-987d-6479220f6e3b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3024	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da0c3e67-d5d7-4e53-987d-6479220f6e3b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3023	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da0c3e67-d5d7-4e53-987d-6479220f6e3b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3022	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da0c3e67-d5d7-4e53-987d-6479220f6e3b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3021	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e9b4a5-e8d9-49b0-a796-dc5c4e04da50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d4a645a3-b460-42f8-8f90-5c7dcdbe7c7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3020	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=14893335-fff2-4a6f-9ace-b03c29ddbe58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5ec84311-6b4f-4e6a-bf6a-e9d212449bf5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3019	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=14893335-fff2-4a6f-9ace-b03c29ddbe58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3018	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=14893335-fff2-4a6f-9ace-b03c29ddbe58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3017	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=14893335-fff2-4a6f-9ace-b03c29ddbe58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3016	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=14893335-fff2-4a6f-9ace-b03c29ddbe58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3015	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=14893335-fff2-4a6f-9ace-b03c29ddbe58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3014	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=14893335-fff2-4a6f-9ace-b03c29ddbe58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3013	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=14893335-fff2-4a6f-9ace-b03c29ddbe58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3012	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=14893335-fff2-4a6f-9ace-b03c29ddbe58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3011	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e9b4a5-e8d9-49b0-a796-dc5c4e04da50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d4a645a3-b460-42f8-8f90-5c7dcdbe7c7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3010	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e9b4a5-e8d9-49b0-a796-dc5c4e04da50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3009	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e9b4a5-e8d9-49b0-a796-dc5c4e04da50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3008	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e9b4a5-e8d9-49b0-a796-dc5c4e04da50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3007	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e9b4a5-e8d9-49b0-a796-dc5c4e04da50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3006	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e9b4a5-e8d9-49b0-a796-dc5c4e04da50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3005	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=70e9b4a5-e8d9-49b0-a796-dc5c4e04da50 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3004	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dd751d22-6945-4d02-8b44-f0c864d53687 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=301d73b3-91d3-4811-a7f4-3c583e0f2a5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	3003	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3c1b034a-6102-4370-b18e-757019cd8047 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1236cefc-c703-4b70-9c4c-46259a2f1a94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	3002	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3c1b034a-6102-4370-b18e-757019cd8047 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3001	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3c1b034a-6102-4370-b18e-757019cd8047 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3000	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3c1b034a-6102-4370-b18e-757019cd8047 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2999	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3c1b034a-6102-4370-b18e-757019cd8047 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2998	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3c1b034a-6102-4370-b18e-757019cd8047 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2997	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3c1b034a-6102-4370-b18e-757019cd8047 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2996	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3c1b034a-6102-4370-b18e-757019cd8047 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2995	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3c1b034a-6102-4370-b18e-757019cd8047 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2994	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dd751d22-6945-4d02-8b44-f0c864d53687 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=301d73b3-91d3-4811-a7f4-3c583e0f2a5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2993	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dd751d22-6945-4d02-8b44-f0c864d53687 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2992	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dd751d22-6945-4d02-8b44-f0c864d53687 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2991	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dd751d22-6945-4d02-8b44-f0c864d53687 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2990	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dd751d22-6945-4d02-8b44-f0c864d53687 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2989	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dd751d22-6945-4d02-8b44-f0c864d53687 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2988	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dd751d22-6945-4d02-8b44-f0c864d53687 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2987	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=34 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5870fbd0-6c7b-4ac3-9622-f838bc1ed23a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e9b33678-02b0-424d-a84c-b42530c0c809 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2986	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e0d38a33-2fbe-4fd0-8cb0-b2a9042c489a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8b220d24-b04e-46e3-99c7-ce1a83b7db5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2985	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e0d38a33-2fbe-4fd0-8cb0-b2a9042c489a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2984	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e0d38a33-2fbe-4fd0-8cb0-b2a9042c489a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2983	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e0d38a33-2fbe-4fd0-8cb0-b2a9042c489a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2982	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e0d38a33-2fbe-4fd0-8cb0-b2a9042c489a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2981	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e0d38a33-2fbe-4fd0-8cb0-b2a9042c489a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2980	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e0d38a33-2fbe-4fd0-8cb0-b2a9042c489a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2979	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e0d38a33-2fbe-4fd0-8cb0-b2a9042c489a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2978	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e0d38a33-2fbe-4fd0-8cb0-b2a9042c489a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2977	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5870fbd0-6c7b-4ac3-9622-f838bc1ed23a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e9b33678-02b0-424d-a84c-b42530c0c809 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2976	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5870fbd0-6c7b-4ac3-9622-f838bc1ed23a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2975	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5870fbd0-6c7b-4ac3-9622-f838bc1ed23a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2974	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5870fbd0-6c7b-4ac3-9622-f838bc1ed23a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2973	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5870fbd0-6c7b-4ac3-9622-f838bc1ed23a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2972	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5870fbd0-6c7b-4ac3-9622-f838bc1ed23a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2971	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5870fbd0-6c7b-4ac3-9622-f838bc1ed23a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2970	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa385667-c989-48fc-a9b4-b9fc4f2919d8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40fd6619-6c41-461f-bcf5-86de8dbad616 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2969	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=46f2ca1b-564b-4fb6-9858-b4f830852854 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2b3cc76f-4b49-4bbe-9acd-7e86d9b49b4f PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	2968	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=46f2ca1b-564b-4fb6-9858-b4f830852854 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2b3cc76f-4b49-4bbe-9acd-7e86d9b49b4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2967	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=46f2ca1b-564b-4fb6-9858-b4f830852854 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2966	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=46f2ca1b-564b-4fb6-9858-b4f830852854 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2965	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=46f2ca1b-564b-4fb6-9858-b4f830852854 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2964	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=46f2ca1b-564b-4fb6-9858-b4f830852854 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2963	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=46f2ca1b-564b-4fb6-9858-b4f830852854 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2962	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=46f2ca1b-564b-4fb6-9858-b4f830852854 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2961	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=46f2ca1b-564b-4fb6-9858-b4f830852854 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2960	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=46f2ca1b-564b-4fb6-9858-b4f830852854 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2959	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa385667-c989-48fc-a9b4-b9fc4f2919d8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40fd6619-6c41-461f-bcf5-86de8dbad616 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2958	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa385667-c989-48fc-a9b4-b9fc4f2919d8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2957	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa385667-c989-48fc-a9b4-b9fc4f2919d8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2956	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa385667-c989-48fc-a9b4-b9fc4f2919d8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2955	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa385667-c989-48fc-a9b4-b9fc4f2919d8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2954	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa385667-c989-48fc-a9b4-b9fc4f2919d8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2953	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fa385667-c989-48fc-a9b4-b9fc4f2919d8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2952	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=36 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2de357-216b-4141-abb2-d58bbd289da1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b4e56e73-b26a-4bf1-9165-ade341cdd92e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2951	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=34 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa7f5f9c-41ec-42e8-9bf0-6a8032f4ad38 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=02e17082-572b-4e51-890d-d4031925e4b2 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"	800		0	4	8		36028797018963968	2950	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa7f5f9c-41ec-42e8-9bf0-6a8032f4ad38 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=02e17082-572b-4e51-890d-d4031925e4b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2949	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa7f5f9c-41ec-42e8-9bf0-6a8032f4ad38 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2948	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa7f5f9c-41ec-42e8-9bf0-6a8032f4ad38 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2947	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa7f5f9c-41ec-42e8-9bf0-6a8032f4ad38 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2946	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa7f5f9c-41ec-42e8-9bf0-6a8032f4ad38 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2945	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa7f5f9c-41ec-42e8-9bf0-6a8032f4ad38 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2944	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa7f5f9c-41ec-42e8-9bf0-6a8032f4ad38 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2943	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa7f5f9c-41ec-42e8-9bf0-6a8032f4ad38 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2942	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa7f5f9c-41ec-42e8-9bf0-6a8032f4ad38 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2941	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2de357-216b-4141-abb2-d58bbd289da1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b4e56e73-b26a-4bf1-9165-ade341cdd92e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2940	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2de357-216b-4141-abb2-d58bbd289da1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2939	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2de357-216b-4141-abb2-d58bbd289da1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2938	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2de357-216b-4141-abb2-d58bbd289da1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2937	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2de357-216b-4141-abb2-d58bbd289da1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2936	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2de357-216b-4141-abb2-d58bbd289da1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2935	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e2de357-216b-4141-abb2-d58bbd289da1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2934	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:39:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d240f670-7e14-45ba-b116-be05d7503fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a1947447-ab60-4d94-a817-35e32544076f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2933	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2233b26-125c-48e2-be34-285c638fd3bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f5390d81-66a8-464f-87b4-e1a5e8f51f8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2932	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2233b26-125c-48e2-be34-285c638fd3bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2931	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2233b26-125c-48e2-be34-285c638fd3bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2930	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2233b26-125c-48e2-be34-285c638fd3bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2929	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2233b26-125c-48e2-be34-285c638fd3bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2928	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2233b26-125c-48e2-be34-285c638fd3bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2927	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2233b26-125c-48e2-be34-285c638fd3bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2926	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2233b26-125c-48e2-be34-285c638fd3bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2925	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c2233b26-125c-48e2-be34-285c638fd3bb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2924	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d240f670-7e14-45ba-b116-be05d7503fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a1947447-ab60-4d94-a817-35e32544076f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2923	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d240f670-7e14-45ba-b116-be05d7503fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2922	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d240f670-7e14-45ba-b116-be05d7503fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2921	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d240f670-7e14-45ba-b116-be05d7503fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2920	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d240f670-7e14-45ba-b116-be05d7503fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2919	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d240f670-7e14-45ba-b116-be05d7503fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2918	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d240f670-7e14-45ba-b116-be05d7503fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2917	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bab2041e-8b9a-42e5-a87b-a72dd3446d64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAxAEEARABFAEEATQBRAEEAdQBBAEQARQBBAE0AdwBBAHQAQQBEAEUAQQBNAHcAQQA0AEEARABFAEEATQBnAEEANABBAEQAawBBAE4AZwBBAHgAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATgBnAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=28693aae-5a47-46d4-aeac-f6df3c0891cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2916	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4d32b9c-af5c-496a-ad41-d39c29546eaa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=955a94a7-ebdd-499a-b80a-e715ffaa39cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2915	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4d32b9c-af5c-496a-ad41-d39c29546eaa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=955a94a7-ebdd-499a-b80a-e715ffaa39cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2914	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4d32b9c-af5c-496a-ad41-d39c29546eaa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2913	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4d32b9c-af5c-496a-ad41-d39c29546eaa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2912	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4d32b9c-af5c-496a-ad41-d39c29546eaa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2911	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4d32b9c-af5c-496a-ad41-d39c29546eaa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2910	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4d32b9c-af5c-496a-ad41-d39c29546eaa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2909	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f4d32b9c-af5c-496a-ad41-d39c29546eaa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2908	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bab2041e-8b9a-42e5-a87b-a72dd3446d64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAxAEEARABFAEEATQBRAEEAdQBBAEQARQBBAE0AdwBBAHQAQQBEAEUAQQBNAHcAQQA0AEEARABFAEEATQBnAEEANABBAEQAawBBAE4AZwBBAHgAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATgBnAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=28693aae-5a47-46d4-aeac-f6df3c0891cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2907	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bab2041e-8b9a-42e5-a87b-a72dd3446d64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAxAEEARABFAEEATQBRAEEAdQBBAEQARQBBAE0AdwBBAHQAQQBEAEUAQQBNAHcAQQA0AEEARABFAEEATQBnAEEANABBAEQAawBBAE4AZwBBAHgAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATgBnAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2906	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bab2041e-8b9a-42e5-a87b-a72dd3446d64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAxAEEARABFAEEATQBRAEEAdQBBAEQARQBBAE0AdwBBAHQAQQBEAEUAQQBNAHcAQQA0AEEARABFAEEATQBnAEEANABBAEQAawBBAE4AZwBBAHgAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATgBnAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2905	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bab2041e-8b9a-42e5-a87b-a72dd3446d64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAxAEEARABFAEEATQBRAEEAdQBBAEQARQBBAE0AdwBBAHQAQQBEAEUAQQBNAHcAQQA0AEEARABFAEEATQBnAEEANABBAEQAawBBAE4AZwBBAHgAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATgBnAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2904	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bab2041e-8b9a-42e5-a87b-a72dd3446d64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAxAEEARABFAEEATQBRAEEAdQBBAEQARQBBAE0AdwBBAHQAQQBEAEUAQQBNAHcAQQA0AEEARABFAEEATQBnAEEANABBAEQAawBBAE4AZwBBAHgAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATgBnAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2903	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bab2041e-8b9a-42e5-a87b-a72dd3446d64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAxAEEARABFAEEATQBRAEEAdQBBAEQARQBBAE0AdwBBAHQAQQBEAEUAQQBNAHcAQQA0AEEARABFAEEATQBnAEEANABBAEQAawBBAE4AZwBBAHgAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATgBnAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2902	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bab2041e-8b9a-42e5-a87b-a72dd3446d64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAxAEEARABFAEEATQBRAEEAdQBBAEQARQBBAE0AdwBBAHQAQQBEAEUAQQBNAHcAQQA0AEEARABFAEEATQBnAEEANABBAEQAawBBAE4AZwBBAHgAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATgBnAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2901	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bd7296b-5cbe-46cf-a1ae-8e22ef1b7d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fbeff24a-b01d-4419-9c90-c8ac3853c715 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2900	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9085a06-56b9-4bd4-a7f9-fedbc6cc0e67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3dee94fb-1939-42e4-8842-bc67a184a239 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2899	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9085a06-56b9-4bd4-a7f9-fedbc6cc0e67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2898	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9085a06-56b9-4bd4-a7f9-fedbc6cc0e67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2897	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9085a06-56b9-4bd4-a7f9-fedbc6cc0e67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2896	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9085a06-56b9-4bd4-a7f9-fedbc6cc0e67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2895	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9085a06-56b9-4bd4-a7f9-fedbc6cc0e67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2894	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9085a06-56b9-4bd4-a7f9-fedbc6cc0e67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2893	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9085a06-56b9-4bd4-a7f9-fedbc6cc0e67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2892	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9085a06-56b9-4bd4-a7f9-fedbc6cc0e67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2891	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bd7296b-5cbe-46cf-a1ae-8e22ef1b7d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fbeff24a-b01d-4419-9c90-c8ac3853c715 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2890	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bd7296b-5cbe-46cf-a1ae-8e22ef1b7d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2889	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bd7296b-5cbe-46cf-a1ae-8e22ef1b7d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2888	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bd7296b-5cbe-46cf-a1ae-8e22ef1b7d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2887	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bd7296b-5cbe-46cf-a1ae-8e22ef1b7d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2886	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bd7296b-5cbe-46cf-a1ae-8e22ef1b7d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2885	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bd7296b-5cbe-46cf-a1ae-8e22ef1b7d78 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2884	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbecdfcd-bb5b-4b0f-90bd-12ed583bb746 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=de410656-c62f-419d-bd65-102a917a737b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2883	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbecdfcd-bb5b-4b0f-90bd-12ed583bb746 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=de410656-c62f-419d-bd65-102a917a737b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2882	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbecdfcd-bb5b-4b0f-90bd-12ed583bb746 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2881	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbecdfcd-bb5b-4b0f-90bd-12ed583bb746 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2880	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbecdfcd-bb5b-4b0f-90bd-12ed583bb746 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2879	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbecdfcd-bb5b-4b0f-90bd-12ed583bb746 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2878	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbecdfcd-bb5b-4b0f-90bd-12ed583bb746 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2877	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cbecdfcd-bb5b-4b0f-90bd-12ed583bb746 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA1ADEAMQAuADEAMwAtADEAMwA4ADEAMgA4ADkANgAxADQAOAAxADYANgA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2876	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b3c01468-413b-4170-810f-51548696ff6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB4AEEAQwA0AEEATQBRAEEAegBBAEMAMABBAE0AUQBBAHoAQQBEAGcAQQBNAFEAQQB5AEEARABnAEEATwBRAEEAMgBBAEQARQBBAE4AQQBBADQAQQBEAEUAQQBOAGcAQQAyAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=903a635d-6cc9-4064-be6e-8ff6f952901a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2875	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d0dd30a-bfc2-4c9d-916a-669569e08cd6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADUAMQAxAC4AMQAzAC0AMQAzADgAMQAyADgAOQA2ADEANAA4ADEANgA2ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=d3b29134-7409-4ca1-8d23-7d2d318d95d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2874	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d0dd30a-bfc2-4c9d-916a-669569e08cd6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADUAMQAxAC4AMQAzAC0AMQAzADgAMQAyADgAOQA2ADEANAA4ADEANgA2ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=d3b29134-7409-4ca1-8d23-7d2d318d95d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2873	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d0dd30a-bfc2-4c9d-916a-669569e08cd6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADUAMQAxAC4AMQAzAC0AMQAzADgAMQAyADgAOQA2ADEANAA4ADEANgA2ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2872	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d0dd30a-bfc2-4c9d-916a-669569e08cd6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADUAMQAxAC4AMQAzAC0AMQAzADgAMQAyADgAOQA2ADEANAA4ADEANgA2ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2871	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d0dd30a-bfc2-4c9d-916a-669569e08cd6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADUAMQAxAC4AMQAzAC0AMQAzADgAMQAyADgAOQA2ADEANAA4ADEANgA2ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2870	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d0dd30a-bfc2-4c9d-916a-669569e08cd6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADUAMQAxAC4AMQAzAC0AMQAzADgAMQAyADgAOQA2ADEANAA4ADEANgA2ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2869	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d0dd30a-bfc2-4c9d-916a-669569e08cd6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADUAMQAxAC4AMQAzAC0AMQAzADgAMQAyADgAOQA2ADEANAA4ADEANgA2ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2868	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6d0dd30a-bfc2-4c9d-916a-669569e08cd6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADUAMQAxAC4AMQAzAC0AMQAzADgAMQAyADgAOQA2ADEANAA4ADEANgA2ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2867	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b3c01468-413b-4170-810f-51548696ff6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB4AEEAQwA0AEEATQBRAEEAegBBAEMAMABBAE0AUQBBAHoAQQBEAGcAQQBNAFEAQQB5AEEARABnAEEATwBRAEEAMgBBAEQARQBBAE4AQQBBADQAQQBEAEUAQQBOAGcAQQAyAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=903a635d-6cc9-4064-be6e-8ff6f952901a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2866	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b3c01468-413b-4170-810f-51548696ff6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB4AEEAQwA0AEEATQBRAEEAegBBAEMAMABBAE0AUQBBAHoAQQBEAGcAQQBNAFEAQQB5AEEARABnAEEATwBRAEEAMgBBAEQARQBBAE4AQQBBADQAQQBEAEUAQQBOAGcAQQAyAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2865	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b3c01468-413b-4170-810f-51548696ff6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB4AEEAQwA0AEEATQBRAEEAegBBAEMAMABBAE0AUQBBAHoAQQBEAGcAQQBNAFEAQQB5AEEARABnAEEATwBRAEEAMgBBAEQARQBBAE4AQQBBADQAQQBEAEUAQQBOAGcAQQAyAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2864	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b3c01468-413b-4170-810f-51548696ff6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB4AEEAQwA0AEEATQBRAEEAegBBAEMAMABBAE0AUQBBAHoAQQBEAGcAQQBNAFEAQQB5AEEARABnAEEATwBRAEEAMgBBAEQARQBBAE4AQQBBADQAQQBEAEUAQQBOAGcAQQAyAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2863	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b3c01468-413b-4170-810f-51548696ff6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB4AEEAQwA0AEEATQBRAEEAegBBAEMAMABBAE0AUQBBAHoAQQBEAGcAQQBNAFEAQQB5AEEARABnAEEATwBRAEEAMgBBAEQARQBBAE4AQQBBADQAQQBEAEUAQQBOAGcAQQAyAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2862	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b3c01468-413b-4170-810f-51548696ff6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB4AEEAQwA0AEEATQBRAEEAegBBAEMAMABBAE0AUQBBAHoAQQBEAGcAQQBNAFEAQQB5AEEARABnAEEATwBRAEEAMgBBAEQARQBBAE4AQQBBADQAQQBEAEUAQQBOAGcAQQAyAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2861	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b3c01468-413b-4170-810f-51548696ff6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFUAQQBNAFEAQQB4AEEAQwA0AEEATQBRAEEAegBBAEMAMABBAE0AUQBBAHoAQQBEAGcAQQBNAFEAQQB5AEEARABnAEEATwBRAEEAMgBBAEQARQBBAE4AQQBBADQAQQBEAEUAQQBOAGcAQQAyAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2860	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d9f4fed2-3dfa-4d2d-b471-9d37d5936b2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=31889fc7-1d8a-41a4-9aa2-9fdc53c1e7d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2859	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cb84c56-13bc-4241-88c1-e741e1ab7424 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4f5199d2-a0cc-4fd7-99a9-aa1859f71e18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2858	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cb84c56-13bc-4241-88c1-e741e1ab7424 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2857	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cb84c56-13bc-4241-88c1-e741e1ab7424 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2856	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cb84c56-13bc-4241-88c1-e741e1ab7424 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2855	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cb84c56-13bc-4241-88c1-e741e1ab7424 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2854	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cb84c56-13bc-4241-88c1-e741e1ab7424 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2853	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cb84c56-13bc-4241-88c1-e741e1ab7424 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2852	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cb84c56-13bc-4241-88c1-e741e1ab7424 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2851	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3cb84c56-13bc-4241-88c1-e741e1ab7424 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2850	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d9f4fed2-3dfa-4d2d-b471-9d37d5936b2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=31889fc7-1d8a-41a4-9aa2-9fdc53c1e7d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2849	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d9f4fed2-3dfa-4d2d-b471-9d37d5936b2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2848	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d9f4fed2-3dfa-4d2d-b471-9d37d5936b2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2847	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d9f4fed2-3dfa-4d2d-b471-9d37d5936b2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2846	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d9f4fed2-3dfa-4d2d-b471-9d37d5936b2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2845	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d9f4fed2-3dfa-4d2d-b471-9d37d5936b2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2844	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d9f4fed2-3dfa-4d2d-b471-9d37d5936b2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2843	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0bb1c3d2-8e98-4536-9a45-876ea606c666 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8bae0809-8850-402c-91df-1c14a69803e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2842	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdce27e4-c48a-4e1e-ad0a-9b52a05ae613 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion=5.1.14393.1944 RunspaceId=9b1343c3-fc5e-4432-a0e4-ef9e7549e02d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2841	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:15:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdce27e4-c48a-4e1e-ad0a-9b52a05ae613 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion=5.1.14393.1944 RunspaceId=9b1343c3-fc5e-4432-a0e4-ef9e7549e02d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2840	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdce27e4-c48a-4e1e-ad0a-9b52a05ae613 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2839	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdce27e4-c48a-4e1e-ad0a-9b52a05ae613 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2838	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdce27e4-c48a-4e1e-ad0a-9b52a05ae613 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2837	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdce27e4-c48a-4e1e-ad0a-9b52a05ae613 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2836	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdce27e4-c48a-4e1e-ad0a-9b52a05ae613 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2835	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdce27e4-c48a-4e1e-ad0a-9b52a05ae613 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2834	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=d27f8ece-a63c-45e0-aac2-7244dd02fa71 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a2919538-8ef0-45a2-8594-86ca7fc8884a PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2833	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d27f8ece-a63c-45e0-aac2-7244dd02fa71 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a2919538-8ef0-45a2-8594-86ca7fc8884a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2832	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d27f8ece-a63c-45e0-aac2-7244dd02fa71 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2831	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d27f8ece-a63c-45e0-aac2-7244dd02fa71 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2830	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d27f8ece-a63c-45e0-aac2-7244dd02fa71 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2829	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d27f8ece-a63c-45e0-aac2-7244dd02fa71 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2828	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d27f8ece-a63c-45e0-aac2-7244dd02fa71 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2827	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d27f8ece-a63c-45e0-aac2-7244dd02fa71 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2826	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d27f8ece-a63c-45e0-aac2-7244dd02fa71 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2825	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d27f8ece-a63c-45e0-aac2-7244dd02fa71 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2824	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0bb1c3d2-8e98-4536-9a45-876ea606c666 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8bae0809-8850-402c-91df-1c14a69803e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2823	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0bb1c3d2-8e98-4536-9a45-876ea606c666 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2822	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0bb1c3d2-8e98-4536-9a45-876ea606c666 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2821	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0bb1c3d2-8e98-4536-9a45-876ea606c666 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2820	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0bb1c3d2-8e98-4536-9a45-876ea606c666 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2819	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0bb1c3d2-8e98-4536-9a45-876ea606c666 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2818	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=0bb1c3d2-8e98-4536-9a45-876ea606c666 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2817	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66abc864-b266-4033-b868-c01e36ca3181 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dc3729ed-72ca-42b9-8c83-68cd54ff4444 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2816	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=510cb69f-ed09-4ca7-8802-2c473d765dae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA= EngineVersion=5.1.14393.1944 RunspaceId=b77648b4-cd75-4662-a7f8-6f450905dc53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2815	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=510cb69f-ed09-4ca7-8802-2c473d765dae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA= EngineVersion=5.1.14393.1944 RunspaceId=b77648b4-cd75-4662-a7f8-6f450905dc53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2814	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=510cb69f-ed09-4ca7-8802-2c473d765dae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2813	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=510cb69f-ed09-4ca7-8802-2c473d765dae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2812	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=510cb69f-ed09-4ca7-8802-2c473d765dae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2811	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=510cb69f-ed09-4ca7-8802-2c473d765dae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2810	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=510cb69f-ed09-4ca7-8802-2c473d765dae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2809	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=510cb69f-ed09-4ca7-8802-2c473d765dae HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2808	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=c578e19d-d987-4b08-9168-01459d9d22b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=17999115-59bd-432d-8300-ef205aa59ba9 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2807	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c578e19d-d987-4b08-9168-01459d9d22b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=17999115-59bd-432d-8300-ef205aa59ba9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2806	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c578e19d-d987-4b08-9168-01459d9d22b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2805	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c578e19d-d987-4b08-9168-01459d9d22b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2804	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c578e19d-d987-4b08-9168-01459d9d22b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2803	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c578e19d-d987-4b08-9168-01459d9d22b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2802	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c578e19d-d987-4b08-9168-01459d9d22b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2801	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c578e19d-d987-4b08-9168-01459d9d22b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2800	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c578e19d-d987-4b08-9168-01459d9d22b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2799	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c578e19d-d987-4b08-9168-01459d9d22b4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2798	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66abc864-b266-4033-b868-c01e36ca3181 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dc3729ed-72ca-42b9-8c83-68cd54ff4444 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2797	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66abc864-b266-4033-b868-c01e36ca3181 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2796	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66abc864-b266-4033-b868-c01e36ca3181 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2795	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66abc864-b266-4033-b868-c01e36ca3181 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2794	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66abc864-b266-4033-b868-c01e36ca3181 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2793	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66abc864-b266-4033-b868-c01e36ca3181 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2792	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66abc864-b266-4033-b868-c01e36ca3181 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2791	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4a26e463-621f-4181-a96d-5a5e77540c69 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6689d404-9e53-473e-b606-2177e54f7607 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2790	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e286113-0b73-4332-96b6-dfb9a6b400f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion=5.1.14393.1944 RunspaceId=e3141603-5cdf-4806-911b-0b4a63a862f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2789	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e286113-0b73-4332-96b6-dfb9a6b400f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion=5.1.14393.1944 RunspaceId=e3141603-5cdf-4806-911b-0b4a63a862f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2788	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e286113-0b73-4332-96b6-dfb9a6b400f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2787	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e286113-0b73-4332-96b6-dfb9a6b400f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2786	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e286113-0b73-4332-96b6-dfb9a6b400f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2785	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e286113-0b73-4332-96b6-dfb9a6b400f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2784	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e286113-0b73-4332-96b6-dfb9a6b400f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2783	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e286113-0b73-4332-96b6-dfb9a6b400f2 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2782	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=88773e7e-5d8e-42c3-b902-314a661c8e0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=81912b89-bcfd-4d95-85dc-e87c6f92d72e PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2781	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=88773e7e-5d8e-42c3-b902-314a661c8e0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=81912b89-bcfd-4d95-85dc-e87c6f92d72e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2780	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=88773e7e-5d8e-42c3-b902-314a661c8e0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2779	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=88773e7e-5d8e-42c3-b902-314a661c8e0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2778	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=88773e7e-5d8e-42c3-b902-314a661c8e0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2777	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=88773e7e-5d8e-42c3-b902-314a661c8e0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2776	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=88773e7e-5d8e-42c3-b902-314a661c8e0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2775	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=88773e7e-5d8e-42c3-b902-314a661c8e0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2774	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=88773e7e-5d8e-42c3-b902-314a661c8e0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2773	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=88773e7e-5d8e-42c3-b902-314a661c8e0a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2772	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4a26e463-621f-4181-a96d-5a5e77540c69 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6689d404-9e53-473e-b606-2177e54f7607 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2771	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4a26e463-621f-4181-a96d-5a5e77540c69 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2770	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4a26e463-621f-4181-a96d-5a5e77540c69 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2769	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4a26e463-621f-4181-a96d-5a5e77540c69 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2768	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4a26e463-621f-4181-a96d-5a5e77540c69 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2767	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4a26e463-621f-4181-a96d-5a5e77540c69 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2766	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4a26e463-621f-4181-a96d-5a5e77540c69 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2765	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27d42f0d-55eb-4d10-b11f-921f6cf27af6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABZAEEATgBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAEkAQQBNAFEAQQA1AEEARABFAEEATQBnAEEANQBBAEQAWQBBAE0AZwBBADIAQQBEAFUAQQBNAEEAQQA1AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=00a4cf3b-4714-4082-bbe3-5cdf2ad55ed0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2764	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f082610b-fa15-49dc-8a9b-60227aae1730 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=c7beda67-da09-4407-b6a5-eea3b571689a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2763	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f082610b-fa15-49dc-8a9b-60227aae1730 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=c7beda67-da09-4407-b6a5-eea3b571689a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2762	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f082610b-fa15-49dc-8a9b-60227aae1730 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2761	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f082610b-fa15-49dc-8a9b-60227aae1730 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2760	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f082610b-fa15-49dc-8a9b-60227aae1730 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2759	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f082610b-fa15-49dc-8a9b-60227aae1730 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2758	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f082610b-fa15-49dc-8a9b-60227aae1730 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2757	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f082610b-fa15-49dc-8a9b-60227aae1730 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2756	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27d42f0d-55eb-4d10-b11f-921f6cf27af6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABZAEEATgBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAEkAQQBNAFEAQQA1AEEARABFAEEATQBnAEEANQBBAEQAWQBBAE0AZwBBADIAQQBEAFUAQQBNAEEAQQA1AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=00a4cf3b-4714-4082-bbe3-5cdf2ad55ed0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2755	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27d42f0d-55eb-4d10-b11f-921f6cf27af6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABZAEEATgBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAEkAQQBNAFEAQQA1AEEARABFAEEATQBnAEEANQBBAEQAWQBBAE0AZwBBADIAQQBEAFUAQQBNAEEAQQA1AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2754	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27d42f0d-55eb-4d10-b11f-921f6cf27af6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABZAEEATgBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAEkAQQBNAFEAQQA1AEEARABFAEEATQBnAEEANQBBAEQAWQBBAE0AZwBBADIAQQBEAFUAQQBNAEEAQQA1AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2753	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27d42f0d-55eb-4d10-b11f-921f6cf27af6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABZAEEATgBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAEkAQQBNAFEAQQA1AEEARABFAEEATQBnAEEANQBBAEQAWQBBAE0AZwBBADIAQQBEAFUAQQBNAEEAQQA1AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2752	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27d42f0d-55eb-4d10-b11f-921f6cf27af6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABZAEEATgBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAEkAQQBNAFEAQQA1AEEARABFAEEATQBnAEEANQBBAEQAWQBBAE0AZwBBADIAQQBEAFUAQQBNAEEAQQA1AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2751	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27d42f0d-55eb-4d10-b11f-921f6cf27af6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABZAEEATgBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAEkAQQBNAFEAQQA1AEEARABFAEEATQBnAEEANQBBAEQAWQBBAE0AZwBBADIAQQBEAFUAQQBNAEEAQQA1AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2750	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=27d42f0d-55eb-4d10-b11f-921f6cf27af6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABZAEEATgBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAEkAQQBNAFEAQQA1AEEARABFAEEATQBnAEEANQBBAEQAWQBBAE0AZwBBADIAQQBEAFUAQQBNAEEAQQA1AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2749	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e7141cb-bba4-4cbc-af7b-e913cdc7b669 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=615dcf8f-1e97-4510-81c8-ea9a2aae8215 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2748	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=396d38db-a206-4972-b45c-ed49c7aff389 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4fcbfab7-6e6c-4af0-b359-3c29f68b322d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2747	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=396d38db-a206-4972-b45c-ed49c7aff389 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2746	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=396d38db-a206-4972-b45c-ed49c7aff389 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2745	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=396d38db-a206-4972-b45c-ed49c7aff389 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2744	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=396d38db-a206-4972-b45c-ed49c7aff389 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2743	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=396d38db-a206-4972-b45c-ed49c7aff389 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2742	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=396d38db-a206-4972-b45c-ed49c7aff389 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2741	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=396d38db-a206-4972-b45c-ed49c7aff389 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2740	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=396d38db-a206-4972-b45c-ed49c7aff389 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2739	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e7141cb-bba4-4cbc-af7b-e913cdc7b669 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=615dcf8f-1e97-4510-81c8-ea9a2aae8215 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2738	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e7141cb-bba4-4cbc-af7b-e913cdc7b669 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2737	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e7141cb-bba4-4cbc-af7b-e913cdc7b669 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2736	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e7141cb-bba4-4cbc-af7b-e913cdc7b669 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2735	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e7141cb-bba4-4cbc-af7b-e913cdc7b669 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2734	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e7141cb-bba4-4cbc-af7b-e913cdc7b669 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2733	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4e7141cb-bba4-4cbc-af7b-e913cdc7b669 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2732	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8673a831-8fdb-49b0-99db-bfeb62bb5fb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=8f7116fd-ae06-4d3b-9d6e-d2b10fae9192 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2731	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8673a831-8fdb-49b0-99db-bfeb62bb5fb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=8f7116fd-ae06-4d3b-9d6e-d2b10fae9192 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2730	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8673a831-8fdb-49b0-99db-bfeb62bb5fb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2729	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8673a831-8fdb-49b0-99db-bfeb62bb5fb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2728	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8673a831-8fdb-49b0-99db-bfeb62bb5fb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2727	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8673a831-8fdb-49b0-99db-bfeb62bb5fb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2726	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8673a831-8fdb-49b0-99db-bfeb62bb5fb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2725	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8673a831-8fdb-49b0-99db-bfeb62bb5fb5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADYANAAuADYALQAxADIAMQA5ADEAMgA5ADYAMgA2ADUAMAA5ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2724	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90254cfa-850a-4a64-a381-fd28ccbeb680 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBOAGcAQQAwAEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE0AZwBBAHgAQQBEAGsAQQBNAFEAQQB5AEEARABrAEEATgBnAEEAeQBBAEQAWQBBAE4AUQBBAHcAQQBEAGsAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=59aef1d5-b699-4a3a-aaf3-4e3ab4f84c67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2723	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b30abb9-25fb-42a9-8066-e28ab298de4f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQANgA0AC4ANgAtADEAMgAxADkAMQAyADkANgAyADYANQAwADkAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=10e9161a-1ed9-4686-b6ee-59fd6969a1e3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2722	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b30abb9-25fb-42a9-8066-e28ab298de4f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQANgA0AC4ANgAtADEAMgAxADkAMQAyADkANgAyADYANQAwADkAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=10e9161a-1ed9-4686-b6ee-59fd6969a1e3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2721	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b30abb9-25fb-42a9-8066-e28ab298de4f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQANgA0AC4ANgAtADEAMgAxADkAMQAyADkANgAyADYANQAwADkAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2720	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b30abb9-25fb-42a9-8066-e28ab298de4f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQANgA0AC4ANgAtADEAMgAxADkAMQAyADkANgAyADYANQAwADkAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2719	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b30abb9-25fb-42a9-8066-e28ab298de4f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQANgA0AC4ANgAtADEAMgAxADkAMQAyADkANgAyADYANQAwADkAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2718	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b30abb9-25fb-42a9-8066-e28ab298de4f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQANgA0AC4ANgAtADEAMgAxADkAMQAyADkANgAyADYANQAwADkAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2717	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b30abb9-25fb-42a9-8066-e28ab298de4f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQANgA0AC4ANgAtADEAMgAxADkAMQAyADkANgAyADYANQAwADkAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2716	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2b30abb9-25fb-42a9-8066-e28ab298de4f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQANgA0AC4ANgAtADEAMgAxADkAMQAyADkANgAyADYANQAwADkAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2715	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90254cfa-850a-4a64-a381-fd28ccbeb680 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBOAGcAQQAwAEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE0AZwBBAHgAQQBEAGsAQQBNAFEAQQB5AEEARABrAEEATgBnAEEAeQBBAEQAWQBBAE4AUQBBAHcAQQBEAGsAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=59aef1d5-b699-4a3a-aaf3-4e3ab4f84c67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2714	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90254cfa-850a-4a64-a381-fd28ccbeb680 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBOAGcAQQAwAEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE0AZwBBAHgAQQBEAGsAQQBNAFEAQQB5AEEARABrAEEATgBnAEEAeQBBAEQAWQBBAE4AUQBBAHcAQQBEAGsAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2713	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90254cfa-850a-4a64-a381-fd28ccbeb680 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBOAGcAQQAwAEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE0AZwBBAHgAQQBEAGsAQQBNAFEAQQB5AEEARABrAEEATgBnAEEAeQBBAEQAWQBBAE4AUQBBAHcAQQBEAGsAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2712	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90254cfa-850a-4a64-a381-fd28ccbeb680 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBOAGcAQQAwAEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE0AZwBBAHgAQQBEAGsAQQBNAFEAQQB5AEEARABrAEEATgBnAEEAeQBBAEQAWQBBAE4AUQBBAHcAQQBEAGsAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2711	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90254cfa-850a-4a64-a381-fd28ccbeb680 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBOAGcAQQAwAEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE0AZwBBAHgAQQBEAGsAQQBNAFEAQQB5AEEARABrAEEATgBnAEEAeQBBAEQAWQBBAE4AUQBBAHcAQQBEAGsAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2710	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90254cfa-850a-4a64-a381-fd28ccbeb680 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBOAGcAQQAwAEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE0AZwBBAHgAQQBEAGsAQQBNAFEAQQB5AEEARABrAEEATgBnAEEAeQBBAEQAWQBBAE4AUQBBAHcAQQBEAGsAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2709	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=90254cfa-850a-4a64-a381-fd28ccbeb680 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBOAGcAQQAwAEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE0AZwBBAHgAQQBEAGsAQQBNAFEAQQB5AEEARABrAEEATgBnAEEAeQBBAEQAWQBBAE4AUQBBAHcAQQBEAGsAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2708	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f903b446-b659-4ae3-a836-e916c2f89ff2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8218f528-719d-4222-a477-975c9c19670d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2707	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=42d6ebe2-cedf-4a65-838c-1f27e6c62dfd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=17b2c1a3-961f-491f-8067-54ff0b2ed417 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2706	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=42d6ebe2-cedf-4a65-838c-1f27e6c62dfd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2705	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=42d6ebe2-cedf-4a65-838c-1f27e6c62dfd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2704	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=42d6ebe2-cedf-4a65-838c-1f27e6c62dfd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2703	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=42d6ebe2-cedf-4a65-838c-1f27e6c62dfd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2702	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=42d6ebe2-cedf-4a65-838c-1f27e6c62dfd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2701	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=42d6ebe2-cedf-4a65-838c-1f27e6c62dfd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2700	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=42d6ebe2-cedf-4a65-838c-1f27e6c62dfd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2699	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=42d6ebe2-cedf-4a65-838c-1f27e6c62dfd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2698	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f903b446-b659-4ae3-a836-e916c2f89ff2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8218f528-719d-4222-a477-975c9c19670d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2697	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f903b446-b659-4ae3-a836-e916c2f89ff2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2696	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f903b446-b659-4ae3-a836-e916c2f89ff2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2695	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f903b446-b659-4ae3-a836-e916c2f89ff2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2694	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f903b446-b659-4ae3-a836-e916c2f89ff2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2693	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f903b446-b659-4ae3-a836-e916c2f89ff2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2692	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f903b446-b659-4ae3-a836-e916c2f89ff2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2691	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d40667a6-34cf-4177-99ea-82d591dc00a5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4996b6d3-422e-426a-a9fd-636b79f08d80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2690	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa9226b-b49c-4433-a0f7-ee9257847897 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion=5.1.14393.1944 RunspaceId=b078cfaa-4086-4245-949c-213cbdc904f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2689	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa9226b-b49c-4433-a0f7-ee9257847897 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion=5.1.14393.1944 RunspaceId=b078cfaa-4086-4245-949c-213cbdc904f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2688	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa9226b-b49c-4433-a0f7-ee9257847897 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2687	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa9226b-b49c-4433-a0f7-ee9257847897 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2686	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa9226b-b49c-4433-a0f7-ee9257847897 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2685	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa9226b-b49c-4433-a0f7-ee9257847897 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2684	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa9226b-b49c-4433-a0f7-ee9257847897 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2683	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa9226b-b49c-4433-a0f7-ee9257847897 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2682	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa411fe7-0cae-4e1b-881f-520d4c87b35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40f89840-6817-4797-a0a7-892bce520c9d PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2681	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa411fe7-0cae-4e1b-881f-520d4c87b35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40f89840-6817-4797-a0a7-892bce520c9d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2680	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa411fe7-0cae-4e1b-881f-520d4c87b35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2679	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa411fe7-0cae-4e1b-881f-520d4c87b35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2678	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa411fe7-0cae-4e1b-881f-520d4c87b35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2677	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa411fe7-0cae-4e1b-881f-520d4c87b35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2676	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa411fe7-0cae-4e1b-881f-520d4c87b35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2675	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa411fe7-0cae-4e1b-881f-520d4c87b35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2674	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa411fe7-0cae-4e1b-881f-520d4c87b35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2673	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=aa411fe7-0cae-4e1b-881f-520d4c87b35a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2672	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d40667a6-34cf-4177-99ea-82d591dc00a5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4996b6d3-422e-426a-a9fd-636b79f08d80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2671	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d40667a6-34cf-4177-99ea-82d591dc00a5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2670	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d40667a6-34cf-4177-99ea-82d591dc00a5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2669	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d40667a6-34cf-4177-99ea-82d591dc00a5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2668	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d40667a6-34cf-4177-99ea-82d591dc00a5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2667	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d40667a6-34cf-4177-99ea-82d591dc00a5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2666	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d40667a6-34cf-4177-99ea-82d591dc00a5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2665	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da7ea678-b925-46c0-861c-337509982f2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c5537db5-1c40-4238-8c27-a79415ab3b8a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2664	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6af6001-61fe-452b-a11e-9a151ee83291 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA= EngineVersion=5.1.14393.1944 RunspaceId=764ec706-7986-43be-9a9d-242ad5ade51e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2663	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6af6001-61fe-452b-a11e-9a151ee83291 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA= EngineVersion=5.1.14393.1944 RunspaceId=764ec706-7986-43be-9a9d-242ad5ade51e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2662	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6af6001-61fe-452b-a11e-9a151ee83291 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2661	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6af6001-61fe-452b-a11e-9a151ee83291 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2660	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6af6001-61fe-452b-a11e-9a151ee83291 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2659	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6af6001-61fe-452b-a11e-9a151ee83291 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2658	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6af6001-61fe-452b-a11e-9a151ee83291 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2657	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6af6001-61fe-452b-a11e-9a151ee83291 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2656	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ca139c-504f-43bb-9fec-7f10adcc2511 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7c453409-5f41-4946-a5a7-e79d1f2b99dc PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2655	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ca139c-504f-43bb-9fec-7f10adcc2511 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7c453409-5f41-4946-a5a7-e79d1f2b99dc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2654	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ca139c-504f-43bb-9fec-7f10adcc2511 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2653	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ca139c-504f-43bb-9fec-7f10adcc2511 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2652	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ca139c-504f-43bb-9fec-7f10adcc2511 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2651	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ca139c-504f-43bb-9fec-7f10adcc2511 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2650	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ca139c-504f-43bb-9fec-7f10adcc2511 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2649	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ca139c-504f-43bb-9fec-7f10adcc2511 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2648	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ca139c-504f-43bb-9fec-7f10adcc2511 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2647	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=38ca139c-504f-43bb-9fec-7f10adcc2511 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2646	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da7ea678-b925-46c0-861c-337509982f2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c5537db5-1c40-4238-8c27-a79415ab3b8a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2645	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da7ea678-b925-46c0-861c-337509982f2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2644	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da7ea678-b925-46c0-861c-337509982f2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2643	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da7ea678-b925-46c0-861c-337509982f2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2642	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da7ea678-b925-46c0-861c-337509982f2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2641	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da7ea678-b925-46c0-861c-337509982f2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2640	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=da7ea678-b925-46c0-861c-337509982f2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2639	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ae2891c-2c67-4274-9afe-46e3b318d350 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=73a96acf-b9b2-423f-bf5e-ca50697ac4a0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2638	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b5ff61c-5272-4c9c-a408-4b6cb335168a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=b36d1efc-a8c6-4a75-b701-52a4862818f4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2637	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b5ff61c-5272-4c9c-a408-4b6cb335168a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=b36d1efc-a8c6-4a75-b701-52a4862818f4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2636	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b5ff61c-5272-4c9c-a408-4b6cb335168a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2635	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b5ff61c-5272-4c9c-a408-4b6cb335168a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2634	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b5ff61c-5272-4c9c-a408-4b6cb335168a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2633	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b5ff61c-5272-4c9c-a408-4b6cb335168a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2632	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b5ff61c-5272-4c9c-a408-4b6cb335168a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2631	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b5ff61c-5272-4c9c-a408-4b6cb335168a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2630	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=481850e5-e4aa-4185-99a7-cd74762be8b5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=86d4d52e-9e8b-4f73-9f6d-fa0b50bdea75 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2629	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=481850e5-e4aa-4185-99a7-cd74762be8b5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=86d4d52e-9e8b-4f73-9f6d-fa0b50bdea75 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2628	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=481850e5-e4aa-4185-99a7-cd74762be8b5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2627	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=481850e5-e4aa-4185-99a7-cd74762be8b5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2626	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=481850e5-e4aa-4185-99a7-cd74762be8b5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2625	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=481850e5-e4aa-4185-99a7-cd74762be8b5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2624	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=481850e5-e4aa-4185-99a7-cd74762be8b5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2623	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=481850e5-e4aa-4185-99a7-cd74762be8b5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2622	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=481850e5-e4aa-4185-99a7-cd74762be8b5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2621	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=481850e5-e4aa-4185-99a7-cd74762be8b5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2620	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ae2891c-2c67-4274-9afe-46e3b318d350 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=73a96acf-b9b2-423f-bf5e-ca50697ac4a0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2619	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ae2891c-2c67-4274-9afe-46e3b318d350 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2618	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ae2891c-2c67-4274-9afe-46e3b318d350 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2617	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ae2891c-2c67-4274-9afe-46e3b318d350 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2616	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ae2891c-2c67-4274-9afe-46e3b318d350 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2615	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ae2891c-2c67-4274-9afe-46e3b318d350 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2614	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ae2891c-2c67-4274-9afe-46e3b318d350 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2613	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79cb6365-4d16-4892-a668-3506b84538c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABNAEEATwBBAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABRAEEATgBRAEEAdwBBAEQAZwBBAE4AZwBBAHoAQQBEAGcAQQBNAEEAQQAxAEEARABrAEEATQB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=2b4a4fc8-2660-4e1a-9c88-f69ee69f17e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2612	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f741e85-8544-47b3-b474-fd475eeccb5e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=28d8aa53-a4f9-4e50-925b-c54eb21b2f72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2611	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f741e85-8544-47b3-b474-fd475eeccb5e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=28d8aa53-a4f9-4e50-925b-c54eb21b2f72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2610	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f741e85-8544-47b3-b474-fd475eeccb5e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2609	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f741e85-8544-47b3-b474-fd475eeccb5e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2608	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f741e85-8544-47b3-b474-fd475eeccb5e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2607	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f741e85-8544-47b3-b474-fd475eeccb5e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2606	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f741e85-8544-47b3-b474-fd475eeccb5e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2605	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f741e85-8544-47b3-b474-fd475eeccb5e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2604	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79cb6365-4d16-4892-a668-3506b84538c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABNAEEATwBBAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABRAEEATgBRAEEAdwBBAEQAZwBBAE4AZwBBAHoAQQBEAGcAQQBNAEEAQQAxAEEARABrAEEATQB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=2b4a4fc8-2660-4e1a-9c88-f69ee69f17e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2603	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79cb6365-4d16-4892-a668-3506b84538c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABNAEEATwBBAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABRAEEATgBRAEEAdwBBAEQAZwBBAE4AZwBBAHoAQQBEAGcAQQBNAEEAQQAxAEEARABrAEEATQB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2602	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79cb6365-4d16-4892-a668-3506b84538c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABNAEEATwBBAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABRAEEATgBRAEEAdwBBAEQAZwBBAE4AZwBBAHoAQQBEAGcAQQBNAEEAQQAxAEEARABrAEEATQB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2601	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79cb6365-4d16-4892-a668-3506b84538c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABNAEEATwBBAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABRAEEATgBRAEEAdwBBAEQAZwBBAE4AZwBBAHoAQQBEAGcAQQBNAEEAQQAxAEEARABrAEEATQB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2600	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79cb6365-4d16-4892-a668-3506b84538c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABNAEEATwBBAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABRAEEATgBRAEEAdwBBAEQAZwBBAE4AZwBBAHoAQQBEAGcAQQBNAEEAQQAxAEEARABrAEEATQB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2599	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79cb6365-4d16-4892-a668-3506b84538c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABNAEEATwBBAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABRAEEATgBRAEEAdwBBAEQAZwBBAE4AZwBBAHoAQQBEAGcAQQBNAEEAQQAxAEEARABrAEEATQB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2598	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=79cb6365-4d16-4892-a668-3506b84538c9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABNAEEATwBBAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAyAEEARABRAEEATgBRAEEAdwBBAEQAZwBBAE4AZwBBAHoAQQBEAGcAQQBNAEEAQQAxAEEARABrAEEATQB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2597	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3760c354-c7d9-4201-8dff-7ab1d101cb0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=86d1207f-94cd-4c5d-84c2-e1bde64bab87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2596	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7032b077-8fe7-4af3-a85f-b42c74e0d469 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7e16af9d-a619-4673-80b2-29a0c616620d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2595	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7032b077-8fe7-4af3-a85f-b42c74e0d469 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2594	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7032b077-8fe7-4af3-a85f-b42c74e0d469 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2593	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7032b077-8fe7-4af3-a85f-b42c74e0d469 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2592	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7032b077-8fe7-4af3-a85f-b42c74e0d469 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2591	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7032b077-8fe7-4af3-a85f-b42c74e0d469 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2590	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7032b077-8fe7-4af3-a85f-b42c74e0d469 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2589	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7032b077-8fe7-4af3-a85f-b42c74e0d469 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2588	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7032b077-8fe7-4af3-a85f-b42c74e0d469 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2587	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:14:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3760c354-c7d9-4201-8dff-7ab1d101cb0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=86d1207f-94cd-4c5d-84c2-e1bde64bab87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2586	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3760c354-c7d9-4201-8dff-7ab1d101cb0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2585	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3760c354-c7d9-4201-8dff-7ab1d101cb0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2584	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3760c354-c7d9-4201-8dff-7ab1d101cb0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2583	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3760c354-c7d9-4201-8dff-7ab1d101cb0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2582	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3760c354-c7d9-4201-8dff-7ab1d101cb0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2581	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3760c354-c7d9-4201-8dff-7ab1d101cb0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2580	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d8d8051-01f5-43be-90d9-a8b73709e946 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=c7e7fced-6726-44b1-b3ee-79a4c04eaf99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2579	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d8d8051-01f5-43be-90d9-a8b73709e946 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=c7e7fced-6726-44b1-b3ee-79a4c04eaf99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2578	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d8d8051-01f5-43be-90d9-a8b73709e946 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2577	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d8d8051-01f5-43be-90d9-a8b73709e946 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2576	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d8d8051-01f5-43be-90d9-a8b73709e946 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2575	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d8d8051-01f5-43be-90d9-a8b73709e946 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2574	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d8d8051-01f5-43be-90d9-a8b73709e946 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2573	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7d8d8051-01f5-43be-90d9-a8b73709e946 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADMAOAAuADQAMQAtADIAMAA2ADQANQAwADgANgAzADgAMAA1ADkAMwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2572	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9912c77a-368a-4b4e-abd3-745cc43211c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAHcAQQA0AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAEEAQQAxAEEARABBAEEATwBBAEEAMgBBAEQATQBBAE8AQQBBAHcAQQBEAFUAQQBPAFEAQQB6AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=2ea3628b-130f-49e4-b535-f976fd4e23c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2571	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fa0c439-f569-475e-bd47-97e24a619848 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMwA4AC4ANAAxAC0AMgAwADYANAA1ADAAOAA2ADMAOAAwADUAOQAzADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=1a4a82a0-9d2b-492c-b2f2-f4d1d1d29e90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2570	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fa0c439-f569-475e-bd47-97e24a619848 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMwA4AC4ANAAxAC0AMgAwADYANAA1ADAAOAA2ADMAOAAwADUAOQAzADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=1a4a82a0-9d2b-492c-b2f2-f4d1d1d29e90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2569	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fa0c439-f569-475e-bd47-97e24a619848 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMwA4AC4ANAAxAC0AMgAwADYANAA1ADAAOAA2ADMAOAAwADUAOQAzADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2568	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fa0c439-f569-475e-bd47-97e24a619848 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMwA4AC4ANAAxAC0AMgAwADYANAA1ADAAOAA2ADMAOAAwADUAOQAzADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2567	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fa0c439-f569-475e-bd47-97e24a619848 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMwA4AC4ANAAxAC0AMgAwADYANAA1ADAAOAA2ADMAOAAwADUAOQAzADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2566	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fa0c439-f569-475e-bd47-97e24a619848 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMwA4AC4ANAAxAC0AMgAwADYANAA1ADAAOAA2ADMAOAAwADUAOQAzADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2565	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fa0c439-f569-475e-bd47-97e24a619848 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMwA4AC4ANAAxAC0AMgAwADYANAA1ADAAOAA2ADMAOAAwADUAOQAzADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2564	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fa0c439-f569-475e-bd47-97e24a619848 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMwA4AC4ANAAxAC0AMgAwADYANAA1ADAAOAA2ADMAOAAwADUAOQAzADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2563	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9912c77a-368a-4b4e-abd3-745cc43211c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAHcAQQA0AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAEEAQQAxAEEARABBAEEATwBBAEEAMgBBAEQATQBBAE8AQQBBAHcAQQBEAFUAQQBPAFEAQQB6AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=2ea3628b-130f-49e4-b535-f976fd4e23c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2562	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9912c77a-368a-4b4e-abd3-745cc43211c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAHcAQQA0AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAEEAQQAxAEEARABBAEEATwBBAEEAMgBBAEQATQBBAE8AQQBBAHcAQQBEAFUAQQBPAFEAQQB6AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2561	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9912c77a-368a-4b4e-abd3-745cc43211c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAHcAQQA0AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAEEAQQAxAEEARABBAEEATwBBAEEAMgBBAEQATQBBAE8AQQBBAHcAQQBEAFUAQQBPAFEAQQB6AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2560	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9912c77a-368a-4b4e-abd3-745cc43211c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAHcAQQA0AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAEEAQQAxAEEARABBAEEATwBBAEEAMgBBAEQATQBBAE8AQQBBAHcAQQBEAFUAQQBPAFEAQQB6AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2559	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9912c77a-368a-4b4e-abd3-745cc43211c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAHcAQQA0AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAEEAQQAxAEEARABBAEEATwBBAEEAMgBBAEQATQBBAE8AQQBBAHcAQQBEAFUAQQBPAFEAQQB6AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2558	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9912c77a-368a-4b4e-abd3-745cc43211c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAHcAQQA0AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAEEAQQAxAEEARABBAEEATwBBAEEAMgBBAEQATQBBAE8AQQBBAHcAQQBEAFUAQQBPAFEAQQB6AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2557	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9912c77a-368a-4b4e-abd3-745cc43211c6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAHcAQQA0AEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAFkAQQBOAEEAQQAxAEEARABBAEEATwBBAEEAMgBBAEQATQBBAE8AQQBBAHcAQQBEAFUAQQBPAFEAQQB6AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2556	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2fa9d4c-e207-4922-8aa5-5b2d0d71da66 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5ec0de9e-3ab9-497d-a3db-57572171b05f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2555	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab0ddf09-d2a0-49f6-8375-b5d0cd51435e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fcb3f973-3e1f-4412-9e2b-81982e855dab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2554	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab0ddf09-d2a0-49f6-8375-b5d0cd51435e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2553	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab0ddf09-d2a0-49f6-8375-b5d0cd51435e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2552	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab0ddf09-d2a0-49f6-8375-b5d0cd51435e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2551	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab0ddf09-d2a0-49f6-8375-b5d0cd51435e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2550	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab0ddf09-d2a0-49f6-8375-b5d0cd51435e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2549	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab0ddf09-d2a0-49f6-8375-b5d0cd51435e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2548	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab0ddf09-d2a0-49f6-8375-b5d0cd51435e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2547	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ab0ddf09-d2a0-49f6-8375-b5d0cd51435e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2546	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2fa9d4c-e207-4922-8aa5-5b2d0d71da66 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5ec0de9e-3ab9-497d-a3db-57572171b05f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2545	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2fa9d4c-e207-4922-8aa5-5b2d0d71da66 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2544	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2fa9d4c-e207-4922-8aa5-5b2d0d71da66 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2543	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2fa9d4c-e207-4922-8aa5-5b2d0d71da66 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2542	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2fa9d4c-e207-4922-8aa5-5b2d0d71da66 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2541	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2fa9d4c-e207-4922-8aa5-5b2d0d71da66 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2540	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f2fa9d4c-e207-4922-8aa5-5b2d0d71da66 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2539	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f7aa44-ce3b-47e8-aa3b-9ae90b162791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6181c0a1-f5df-4b31-9823-851f2de29d58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2538	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5ae8009-b66e-4d79-a312-476752888005 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA= EngineVersion=5.1.14393.1944 RunspaceId=82663345-6bed-49aa-842a-3808ac1cf9d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2537	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5ae8009-b66e-4d79-a312-476752888005 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA= EngineVersion=5.1.14393.1944 RunspaceId=82663345-6bed-49aa-842a-3808ac1cf9d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2536	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5ae8009-b66e-4d79-a312-476752888005 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2535	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5ae8009-b66e-4d79-a312-476752888005 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2534	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5ae8009-b66e-4d79-a312-476752888005 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2533	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5ae8009-b66e-4d79-a312-476752888005 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2532	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5ae8009-b66e-4d79-a312-476752888005 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2531	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5ae8009-b66e-4d79-a312-476752888005 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2530	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=83e0e2a1-6090-46a6-b74c-64478d83ddce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=022c762d-2a68-47ad-aba1-2b4fba88464c PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2529	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=83e0e2a1-6090-46a6-b74c-64478d83ddce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=022c762d-2a68-47ad-aba1-2b4fba88464c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2528	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=83e0e2a1-6090-46a6-b74c-64478d83ddce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2527	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=83e0e2a1-6090-46a6-b74c-64478d83ddce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2526	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=83e0e2a1-6090-46a6-b74c-64478d83ddce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2525	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=83e0e2a1-6090-46a6-b74c-64478d83ddce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2524	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=83e0e2a1-6090-46a6-b74c-64478d83ddce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2523	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=83e0e2a1-6090-46a6-b74c-64478d83ddce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2522	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=83e0e2a1-6090-46a6-b74c-64478d83ddce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2521	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=83e0e2a1-6090-46a6-b74c-64478d83ddce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2520	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f7aa44-ce3b-47e8-aa3b-9ae90b162791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6181c0a1-f5df-4b31-9823-851f2de29d58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2519	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f7aa44-ce3b-47e8-aa3b-9ae90b162791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2518	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f7aa44-ce3b-47e8-aa3b-9ae90b162791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2517	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f7aa44-ce3b-47e8-aa3b-9ae90b162791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2516	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f7aa44-ce3b-47e8-aa3b-9ae90b162791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2515	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f7aa44-ce3b-47e8-aa3b-9ae90b162791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2514	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=88f7aa44-ce3b-47e8-aa3b-9ae90b162791 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2513	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ba81914-ae59-41dc-a0e1-3da5d3b11029 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4b492982-21ec-4429-8f8c-18673652d5f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2512	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a276a7f5-a37c-40d4-ba81-d916d078ac30 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA= EngineVersion=5.1.14393.1944 RunspaceId=a0cd5b3c-06fd-4404-a7e7-618640ba1f1b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2511	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a276a7f5-a37c-40d4-ba81-d916d078ac30 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA= EngineVersion=5.1.14393.1944 RunspaceId=a0cd5b3c-06fd-4404-a7e7-618640ba1f1b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2510	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a276a7f5-a37c-40d4-ba81-d916d078ac30 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2509	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a276a7f5-a37c-40d4-ba81-d916d078ac30 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2508	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a276a7f5-a37c-40d4-ba81-d916d078ac30 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2507	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a276a7f5-a37c-40d4-ba81-d916d078ac30 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2506	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a276a7f5-a37c-40d4-ba81-d916d078ac30 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2505	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a276a7f5-a37c-40d4-ba81-d916d078ac30 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2504	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=f7c5054d-4e81-4923-8ac1-3d8d804901c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5a4413db-42db-4091-9521-36d946e3dfe7 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2503	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f7c5054d-4e81-4923-8ac1-3d8d804901c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5a4413db-42db-4091-9521-36d946e3dfe7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2502	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f7c5054d-4e81-4923-8ac1-3d8d804901c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2501	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f7c5054d-4e81-4923-8ac1-3d8d804901c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2500	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f7c5054d-4e81-4923-8ac1-3d8d804901c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2499	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f7c5054d-4e81-4923-8ac1-3d8d804901c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2498	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f7c5054d-4e81-4923-8ac1-3d8d804901c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2497	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f7c5054d-4e81-4923-8ac1-3d8d804901c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2496	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f7c5054d-4e81-4923-8ac1-3d8d804901c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2495	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f7c5054d-4e81-4923-8ac1-3d8d804901c2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2494	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ba81914-ae59-41dc-a0e1-3da5d3b11029 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4b492982-21ec-4429-8f8c-18673652d5f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2493	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ba81914-ae59-41dc-a0e1-3da5d3b11029 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2492	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ba81914-ae59-41dc-a0e1-3da5d3b11029 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2491	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ba81914-ae59-41dc-a0e1-3da5d3b11029 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2490	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ba81914-ae59-41dc-a0e1-3da5d3b11029 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2489	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ba81914-ae59-41dc-a0e1-3da5d3b11029 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2488	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ba81914-ae59-41dc-a0e1-3da5d3b11029 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2487	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8dd26963-49a7-4632-921c-4d46ca8ccb88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e63544d0-8dca-40fa-b33e-a947e04442ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2486	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58b77967-5c5b-4de4-b830-9e66b6b3191c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion=5.1.14393.1944 RunspaceId=3de344e7-38d4-4b9c-b59f-745c62623465 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2485	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58b77967-5c5b-4de4-b830-9e66b6b3191c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion=5.1.14393.1944 RunspaceId=3de344e7-38d4-4b9c-b59f-745c62623465 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2484	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58b77967-5c5b-4de4-b830-9e66b6b3191c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2483	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58b77967-5c5b-4de4-b830-9e66b6b3191c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2482	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58b77967-5c5b-4de4-b830-9e66b6b3191c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2481	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58b77967-5c5b-4de4-b830-9e66b6b3191c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2480	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58b77967-5c5b-4de4-b830-9e66b6b3191c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2479	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=58b77967-5c5b-4de4-b830-9e66b6b3191c HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2478	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6d97d59-27eb-4525-b971-145bdc192a97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dbbfa73c-dd78-4c74-84c7-979414017790 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2477	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6d97d59-27eb-4525-b971-145bdc192a97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=dbbfa73c-dd78-4c74-84c7-979414017790 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2476	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6d97d59-27eb-4525-b971-145bdc192a97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2475	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6d97d59-27eb-4525-b971-145bdc192a97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2474	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6d97d59-27eb-4525-b971-145bdc192a97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2473	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6d97d59-27eb-4525-b971-145bdc192a97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2472	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6d97d59-27eb-4525-b971-145bdc192a97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2471	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6d97d59-27eb-4525-b971-145bdc192a97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2470	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6d97d59-27eb-4525-b971-145bdc192a97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2469	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f6d97d59-27eb-4525-b971-145bdc192a97 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2468	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8dd26963-49a7-4632-921c-4d46ca8ccb88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e63544d0-8dca-40fa-b33e-a947e04442ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2467	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8dd26963-49a7-4632-921c-4d46ca8ccb88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2466	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8dd26963-49a7-4632-921c-4d46ca8ccb88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2465	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8dd26963-49a7-4632-921c-4d46ca8ccb88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2464	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8dd26963-49a7-4632-921c-4d46ca8ccb88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2463	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8dd26963-49a7-4632-921c-4d46ca8ccb88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2462	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8dd26963-49a7-4632-921c-4d46ca8ccb88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2461	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f0371f3-a400-40b1-b6f6-16fa1cfc7e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABFAEEATQBnAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAFUAQQBNAFEAQQAxAEEARABVAEEATQBnAEEAMABBAEQARQBBAE8AQQBBAHgAQQBEAGcAQQBNAGcAQQAwAEEARABRAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=cb4fb1f2-7fa5-4bc3-a923-aed107469b91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2460	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1cdf8dae-135c-4a8f-822b-848a6f97f39e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=5cef718d-5ae2-46ae-bb84-e17c582a0642 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2459	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1cdf8dae-135c-4a8f-822b-848a6f97f39e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=5cef718d-5ae2-46ae-bb84-e17c582a0642 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2458	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1cdf8dae-135c-4a8f-822b-848a6f97f39e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2457	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1cdf8dae-135c-4a8f-822b-848a6f97f39e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2456	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1cdf8dae-135c-4a8f-822b-848a6f97f39e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2455	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1cdf8dae-135c-4a8f-822b-848a6f97f39e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2454	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1cdf8dae-135c-4a8f-822b-848a6f97f39e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2453	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1cdf8dae-135c-4a8f-822b-848a6f97f39e HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2452	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f0371f3-a400-40b1-b6f6-16fa1cfc7e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABFAEEATQBnAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAFUAQQBNAFEAQQAxAEEARABVAEEATQBnAEEAMABBAEQARQBBAE8AQQBBAHgAQQBEAGcAQQBNAGcAQQAwAEEARABRAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=cb4fb1f2-7fa5-4bc3-a923-aed107469b91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2451	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f0371f3-a400-40b1-b6f6-16fa1cfc7e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABFAEEATQBnAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAFUAQQBNAFEAQQAxAEEARABVAEEATQBnAEEAMABBAEQARQBBAE8AQQBBAHgAQQBEAGcAQQBNAGcAQQAwAEEARABRAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2450	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f0371f3-a400-40b1-b6f6-16fa1cfc7e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABFAEEATQBnAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAFUAQQBNAFEAQQAxAEEARABVAEEATQBnAEEAMABBAEQARQBBAE8AQQBBAHgAQQBEAGcAQQBNAGcAQQAwAEEARABRAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2449	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f0371f3-a400-40b1-b6f6-16fa1cfc7e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABFAEEATQBnAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAFUAQQBNAFEAQQAxAEEARABVAEEATQBnAEEAMABBAEQARQBBAE8AQQBBAHgAQQBEAGcAQQBNAGcAQQAwAEEARABRAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2448	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f0371f3-a400-40b1-b6f6-16fa1cfc7e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABFAEEATQBnAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAFUAQQBNAFEAQQAxAEEARABVAEEATQBnAEEAMABBAEQARQBBAE8AQQBBAHgAQQBEAGcAQQBNAGcAQQAwAEEARABRAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2447	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f0371f3-a400-40b1-b6f6-16fa1cfc7e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABFAEEATQBnAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAFUAQQBNAFEAQQAxAEEARABVAEEATQBnAEEAMABBAEQARQBBAE8AQQBBAHgAQQBEAGcAQQBNAGcAQQAwAEEARABRAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2446	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f0371f3-a400-40b1-b6f6-16fa1cfc7e34 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQAwAEEARABFAEEATQBnAEEAdQBBAEQAWQBBAE0AZwBBAHQAQQBEAFUAQQBNAFEAQQAxAEEARABVAEEATQBnAEEAMABBAEQARQBBAE8AQQBBAHgAQQBEAGcAQQBNAGcAQQAwAEEARABRAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2445	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9176d6a-6ea2-4e80-b5b3-6eb7dd21610a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2544a59e-4492-4091-a0e6-b9052584ccde PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2444	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada9fd08-4c07-4026-8bf0-10dd3ce5778c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f44e3d5e-ccbb-4417-8776-af02e69d741d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2443	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada9fd08-4c07-4026-8bf0-10dd3ce5778c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2442	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada9fd08-4c07-4026-8bf0-10dd3ce5778c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2441	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada9fd08-4c07-4026-8bf0-10dd3ce5778c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2440	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada9fd08-4c07-4026-8bf0-10dd3ce5778c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2439	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada9fd08-4c07-4026-8bf0-10dd3ce5778c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2438	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada9fd08-4c07-4026-8bf0-10dd3ce5778c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2437	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada9fd08-4c07-4026-8bf0-10dd3ce5778c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2436	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ada9fd08-4c07-4026-8bf0-10dd3ce5778c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2435	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9176d6a-6ea2-4e80-b5b3-6eb7dd21610a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2544a59e-4492-4091-a0e6-b9052584ccde PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2434	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9176d6a-6ea2-4e80-b5b3-6eb7dd21610a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2433	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9176d6a-6ea2-4e80-b5b3-6eb7dd21610a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2432	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9176d6a-6ea2-4e80-b5b3-6eb7dd21610a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2431	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9176d6a-6ea2-4e80-b5b3-6eb7dd21610a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2430	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9176d6a-6ea2-4e80-b5b3-6eb7dd21610a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2429	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9176d6a-6ea2-4e80-b5b3-6eb7dd21610a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2428	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3d3a3178-eee5-45dd-aa03-a3a3bc338dc5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=22b1c0f3-64ec-47bb-b9d4-e4eceff1f8a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2427	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3d3a3178-eee5-45dd-aa03-a3a3bc338dc5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=22b1c0f3-64ec-47bb-b9d4-e4eceff1f8a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2426	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3d3a3178-eee5-45dd-aa03-a3a3bc338dc5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2425	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3d3a3178-eee5-45dd-aa03-a3a3bc338dc5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2424	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3d3a3178-eee5-45dd-aa03-a3a3bc338dc5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2423	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3d3a3178-eee5-45dd-aa03-a3a3bc338dc5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2422	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3d3a3178-eee5-45dd-aa03-a3a3bc338dc5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2421	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3d3a3178-eee5-45dd-aa03-a3a3bc338dc5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgA0ADEAMgAuADYAMgAtADUAMQA1ADUAMgA0ADEAOAAxADgAMgA0ADQAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2420	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd6a53b9-7d5a-4af6-ad84-acc410631bee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAFEAQQB5AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE4AUQBBAHgAQQBEAFUAQQBOAFEAQQB5AEEARABRAEEATQBRAEEANABBAEQARQBBAE8AQQBBAHkAQQBEAFEAQQBOAEEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=324e2257-73b3-4e96-95b2-7297fcba28cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2419	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb198e3c-1359-4d79-97df-5841152b538c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMQAyAC4ANgAyAC0ANQAxADUANQAyADQAMQA4ADEAOAAyADQANAAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=7ab687ce-e182-4d26-9a18-87ec6010d57c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2418	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb198e3c-1359-4d79-97df-5841152b538c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMQAyAC4ANgAyAC0ANQAxADUANQAyADQAMQA4ADEAOAAyADQANAAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=7ab687ce-e182-4d26-9a18-87ec6010d57c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2417	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb198e3c-1359-4d79-97df-5841152b538c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMQAyAC4ANgAyAC0ANQAxADUANQAyADQAMQA4ADEAOAAyADQANAAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2416	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb198e3c-1359-4d79-97df-5841152b538c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMQAyAC4ANgAyAC0ANQAxADUANQAyADQAMQA4ADEAOAAyADQANAAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2415	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb198e3c-1359-4d79-97df-5841152b538c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMQAyAC4ANgAyAC0ANQAxADUANQAyADQAMQA4ADEAOAAyADQANAAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2414	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb198e3c-1359-4d79-97df-5841152b538c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMQAyAC4ANgAyAC0ANQAxADUANQAyADQAMQA4ADEAOAAyADQANAAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2413	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb198e3c-1359-4d79-97df-5841152b538c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMQAyAC4ANgAyAC0ANQAxADUANQAyADQAMQA4ADEAOAAyADQANAAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2412	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb198e3c-1359-4d79-97df-5841152b538c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADQAMQAyAC4ANgAyAC0ANQAxADUANQAyADQAMQA4ADEAOAAyADQANAAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2411	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd6a53b9-7d5a-4af6-ad84-acc410631bee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAFEAQQB5AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE4AUQBBAHgAQQBEAFUAQQBOAFEAQQB5AEEARABRAEEATQBRAEEANABBAEQARQBBAE8AQQBBAHkAQQBEAFEAQQBOAEEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=324e2257-73b3-4e96-95b2-7297fcba28cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2410	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd6a53b9-7d5a-4af6-ad84-acc410631bee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAFEAQQB5AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE4AUQBBAHgAQQBEAFUAQQBOAFEAQQB5AEEARABRAEEATQBRAEEANABBAEQARQBBAE8AQQBBAHkAQQBEAFEAQQBOAEEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2409	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd6a53b9-7d5a-4af6-ad84-acc410631bee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAFEAQQB5AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE4AUQBBAHgAQQBEAFUAQQBOAFEAQQB5AEEARABRAEEATQBRAEEANABBAEQARQBBAE8AQQBBAHkAQQBEAFEAQQBOAEEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2408	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd6a53b9-7d5a-4af6-ad84-acc410631bee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAFEAQQB5AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE4AUQBBAHgAQQBEAFUAQQBOAFEAQQB5AEEARABRAEEATQBRAEEANABBAEQARQBBAE8AQQBBAHkAQQBEAFEAQQBOAEEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2407	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd6a53b9-7d5a-4af6-ad84-acc410631bee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAFEAQQB5AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE4AUQBBAHgAQQBEAFUAQQBOAFEAQQB5AEEARABRAEEATQBRAEEANABBAEQARQBBAE8AQQBBAHkAQQBEAFEAQQBOAEEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2406	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd6a53b9-7d5a-4af6-ad84-acc410631bee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAFEAQQB5AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE4AUQBBAHgAQQBEAFUAQQBOAFEAQQB5AEEARABRAEEATQBRAEEANABBAEQARQBBAE8AQQBBAHkAQQBEAFEAQQBOAEEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2405	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd6a53b9-7d5a-4af6-ad84-acc410631bee HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAFEAQQBNAFEAQQB5AEEAQwA0AEEATgBnAEEAeQBBAEMAMABBAE4AUQBBAHgAQQBEAFUAQQBOAFEAQQB5AEEARABRAEEATQBRAEEANABBAEQARQBBAE8AQQBBAHkAQQBEAFEAQQBOAEEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2404	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1f41a34-09c2-4a3f-af01-8092f4ec505a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c059a406-aa2b-4eb9-8a93-d49291b85dca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2403	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e894dca-b7dd-4e95-a370-d618450f2688 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ff09832a-a436-4f3c-b98e-c54fdc3bba27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2402	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e894dca-b7dd-4e95-a370-d618450f2688 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2401	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e894dca-b7dd-4e95-a370-d618450f2688 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2400	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e894dca-b7dd-4e95-a370-d618450f2688 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2399	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e894dca-b7dd-4e95-a370-d618450f2688 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2398	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e894dca-b7dd-4e95-a370-d618450f2688 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2397	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e894dca-b7dd-4e95-a370-d618450f2688 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2396	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e894dca-b7dd-4e95-a370-d618450f2688 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2395	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3e894dca-b7dd-4e95-a370-d618450f2688 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2394	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1f41a34-09c2-4a3f-af01-8092f4ec505a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c059a406-aa2b-4eb9-8a93-d49291b85dca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2393	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1f41a34-09c2-4a3f-af01-8092f4ec505a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2392	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1f41a34-09c2-4a3f-af01-8092f4ec505a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2391	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1f41a34-09c2-4a3f-af01-8092f4ec505a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2390	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1f41a34-09c2-4a3f-af01-8092f4ec505a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2389	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1f41a34-09c2-4a3f-af01-8092f4ec505a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2388	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a1f41a34-09c2-4a3f-af01-8092f4ec505a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2387	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7586b7fa-27d2-44b3-8511-744d7d4a9232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e553b1cd-c53c-4534-8712-7717c9c36e10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2386	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e4ca3f9d-86b2-404d-b312-841c6727e948 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion=5.1.14393.1944 RunspaceId=397dd7cd-4cc5-411b-b450-672f572579d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2385	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:13:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e4ca3f9d-86b2-404d-b312-841c6727e948 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion=5.1.14393.1944 RunspaceId=397dd7cd-4cc5-411b-b450-672f572579d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2384	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e4ca3f9d-86b2-404d-b312-841c6727e948 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2383	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e4ca3f9d-86b2-404d-b312-841c6727e948 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2382	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e4ca3f9d-86b2-404d-b312-841c6727e948 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2381	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e4ca3f9d-86b2-404d-b312-841c6727e948 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2380	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e4ca3f9d-86b2-404d-b312-841c6727e948 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2379	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e4ca3f9d-86b2-404d-b312-841c6727e948 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2378	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=330e73a9-cd7e-403d-8538-93a7dee9d82d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f60e9895-37d2-4d59-955b-5f846ebf0353 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2377	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=330e73a9-cd7e-403d-8538-93a7dee9d82d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f60e9895-37d2-4d59-955b-5f846ebf0353 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2376	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=330e73a9-cd7e-403d-8538-93a7dee9d82d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2375	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=330e73a9-cd7e-403d-8538-93a7dee9d82d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2374	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=330e73a9-cd7e-403d-8538-93a7dee9d82d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2373	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=330e73a9-cd7e-403d-8538-93a7dee9d82d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2372	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=330e73a9-cd7e-403d-8538-93a7dee9d82d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2371	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=330e73a9-cd7e-403d-8538-93a7dee9d82d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2370	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=330e73a9-cd7e-403d-8538-93a7dee9d82d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2369	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=330e73a9-cd7e-403d-8538-93a7dee9d82d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2368	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7586b7fa-27d2-44b3-8511-744d7d4a9232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e553b1cd-c53c-4534-8712-7717c9c36e10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2367	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7586b7fa-27d2-44b3-8511-744d7d4a9232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2366	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7586b7fa-27d2-44b3-8511-744d7d4a9232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2365	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7586b7fa-27d2-44b3-8511-744d7d4a9232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2364	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7586b7fa-27d2-44b3-8511-744d7d4a9232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2363	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7586b7fa-27d2-44b3-8511-744d7d4a9232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2362	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7586b7fa-27d2-44b3-8511-744d7d4a9232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2361	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd3c66a7-98cc-44cd-8ac3-ac68387d9d5e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=42ffe576-a0fa-4335-94bc-544d09c088a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2360	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693870b2-cf24-44a2-8e85-436f70fd8d14 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA= EngineVersion=5.1.14393.1944 RunspaceId=633e9dad-0725-4b6f-a612-56fa8d44af25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2359	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693870b2-cf24-44a2-8e85-436f70fd8d14 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA= EngineVersion=5.1.14393.1944 RunspaceId=633e9dad-0725-4b6f-a612-56fa8d44af25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2358	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693870b2-cf24-44a2-8e85-436f70fd8d14 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2357	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693870b2-cf24-44a2-8e85-436f70fd8d14 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2356	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693870b2-cf24-44a2-8e85-436f70fd8d14 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2355	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693870b2-cf24-44a2-8e85-436f70fd8d14 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2354	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693870b2-cf24-44a2-8e85-436f70fd8d14 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2353	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=693870b2-cf24-44a2-8e85-436f70fd8d14 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2352	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=699ca38d-a115-43a7-bade-e3b46ab04848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=826aa844-6033-44ca-9d38-c47c4e4bb3a6 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2351	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=699ca38d-a115-43a7-bade-e3b46ab04848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=826aa844-6033-44ca-9d38-c47c4e4bb3a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2350	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=699ca38d-a115-43a7-bade-e3b46ab04848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2349	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=699ca38d-a115-43a7-bade-e3b46ab04848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2348	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=699ca38d-a115-43a7-bade-e3b46ab04848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2347	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=699ca38d-a115-43a7-bade-e3b46ab04848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2346	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=699ca38d-a115-43a7-bade-e3b46ab04848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2345	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=699ca38d-a115-43a7-bade-e3b46ab04848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2344	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=699ca38d-a115-43a7-bade-e3b46ab04848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2343	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=699ca38d-a115-43a7-bade-e3b46ab04848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2342	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd3c66a7-98cc-44cd-8ac3-ac68387d9d5e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=42ffe576-a0fa-4335-94bc-544d09c088a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2341	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd3c66a7-98cc-44cd-8ac3-ac68387d9d5e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2340	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd3c66a7-98cc-44cd-8ac3-ac68387d9d5e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2339	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd3c66a7-98cc-44cd-8ac3-ac68387d9d5e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2338	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd3c66a7-98cc-44cd-8ac3-ac68387d9d5e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2337	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd3c66a7-98cc-44cd-8ac3-ac68387d9d5e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2336	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cd3c66a7-98cc-44cd-8ac3-ac68387d9d5e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2335	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b202ca1a-6cf7-46b5-9789-246981b02ac5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9d1b0821-9f6b-489b-8c86-e09b33652142 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2334	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54667de7-a49c-4b44-83a6-9de05b04c9a1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion=5.1.14393.1944 RunspaceId=963e935b-84d0-423f-a11e-eaf5ec977e1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2333	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54667de7-a49c-4b44-83a6-9de05b04c9a1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion=5.1.14393.1944 RunspaceId=963e935b-84d0-423f-a11e-eaf5ec977e1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2332	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54667de7-a49c-4b44-83a6-9de05b04c9a1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2331	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54667de7-a49c-4b44-83a6-9de05b04c9a1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2330	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54667de7-a49c-4b44-83a6-9de05b04c9a1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2329	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54667de7-a49c-4b44-83a6-9de05b04c9a1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2328	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54667de7-a49c-4b44-83a6-9de05b04c9a1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2327	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=54667de7-a49c-4b44-83a6-9de05b04c9a1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2326	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=ea747b10-028c-42b7-b3a3-c5f455151125 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=980117ff-00af-438b-a520-c56b39c03079 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2325	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ea747b10-028c-42b7-b3a3-c5f455151125 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=980117ff-00af-438b-a520-c56b39c03079 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2324	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ea747b10-028c-42b7-b3a3-c5f455151125 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2323	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ea747b10-028c-42b7-b3a3-c5f455151125 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2322	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ea747b10-028c-42b7-b3a3-c5f455151125 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2321	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ea747b10-028c-42b7-b3a3-c5f455151125 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2320	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ea747b10-028c-42b7-b3a3-c5f455151125 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2319	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ea747b10-028c-42b7-b3a3-c5f455151125 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2318	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ea747b10-028c-42b7-b3a3-c5f455151125 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2317	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ea747b10-028c-42b7-b3a3-c5f455151125 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2316	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b202ca1a-6cf7-46b5-9789-246981b02ac5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9d1b0821-9f6b-489b-8c86-e09b33652142 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2315	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b202ca1a-6cf7-46b5-9789-246981b02ac5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2314	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b202ca1a-6cf7-46b5-9789-246981b02ac5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2313	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b202ca1a-6cf7-46b5-9789-246981b02ac5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2312	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b202ca1a-6cf7-46b5-9789-246981b02ac5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2311	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b202ca1a-6cf7-46b5-9789-246981b02ac5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2310	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b202ca1a-6cf7-46b5-9789-246981b02ac5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2309	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94971b90-4bc5-4770-8b95-7c8ff8f6ff2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABVAEEATgBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQB5AEEARABNAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADUAQQBEAFUAQQBNAEEAQQA0AEEARABRAEEATgB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=99e3bd37-7a01-4e95-97a9-293447c08ba6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2308	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b13df128-0707-4b92-b70c-e41e130e1728 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=bf81fadb-c615-4e29-9377-8df39b772068 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2307	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b13df128-0707-4b92-b70c-e41e130e1728 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=bf81fadb-c615-4e29-9377-8df39b772068 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2306	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b13df128-0707-4b92-b70c-e41e130e1728 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2305	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b13df128-0707-4b92-b70c-e41e130e1728 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2304	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b13df128-0707-4b92-b70c-e41e130e1728 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2303	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b13df128-0707-4b92-b70c-e41e130e1728 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2302	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b13df128-0707-4b92-b70c-e41e130e1728 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2301	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b13df128-0707-4b92-b70c-e41e130e1728 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2300	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94971b90-4bc5-4770-8b95-7c8ff8f6ff2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABVAEEATgBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQB5AEEARABNAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADUAQQBEAFUAQQBNAEEAQQA0AEEARABRAEEATgB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=99e3bd37-7a01-4e95-97a9-293447c08ba6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2299	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94971b90-4bc5-4770-8b95-7c8ff8f6ff2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABVAEEATgBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQB5AEEARABNAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADUAQQBEAFUAQQBNAEEAQQA0AEEARABRAEEATgB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2298	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94971b90-4bc5-4770-8b95-7c8ff8f6ff2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABVAEEATgBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQB5AEEARABNAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADUAQQBEAFUAQQBNAEEAQQA0AEEARABRAEEATgB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2297	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94971b90-4bc5-4770-8b95-7c8ff8f6ff2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABVAEEATgBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQB5AEEARABNAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADUAQQBEAFUAQQBNAEEAQQA0AEEARABRAEEATgB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2296	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94971b90-4bc5-4770-8b95-7c8ff8f6ff2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABVAEEATgBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQB5AEEARABNAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADUAQQBEAFUAQQBNAEEAQQA0AEEARABRAEEATgB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2295	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94971b90-4bc5-4770-8b95-7c8ff8f6ff2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABVAEEATgBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQB5AEEARABNAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADUAQQBEAFUAQQBNAEEAQQA0AEEARABRAEEATgB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2294	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=94971b90-4bc5-4770-8b95-7c8ff8f6ff2e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB6AEEARABVAEEATgBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQB5AEEARABNAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADUAQQBEAFUAQQBNAEEAQQA0AEEARABRAEEATgB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2293	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e268294c-1321-465d-9011-ce381e0de415 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f93a4f2a-10a7-4023-b3a3-8c846f20cbb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2292	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d2ae93bc-0167-4a7e-a802-b3bd2495ed62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1839c575-39c7-4d24-9345-ccacbc9fd258 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2291	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d2ae93bc-0167-4a7e-a802-b3bd2495ed62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2290	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d2ae93bc-0167-4a7e-a802-b3bd2495ed62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2289	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d2ae93bc-0167-4a7e-a802-b3bd2495ed62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2288	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d2ae93bc-0167-4a7e-a802-b3bd2495ed62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2287	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d2ae93bc-0167-4a7e-a802-b3bd2495ed62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2286	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d2ae93bc-0167-4a7e-a802-b3bd2495ed62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2285	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d2ae93bc-0167-4a7e-a802-b3bd2495ed62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2284	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d2ae93bc-0167-4a7e-a802-b3bd2495ed62 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2283	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e268294c-1321-465d-9011-ce381e0de415 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f93a4f2a-10a7-4023-b3a3-8c846f20cbb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2282	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e268294c-1321-465d-9011-ce381e0de415 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2281	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e268294c-1321-465d-9011-ce381e0de415 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2280	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e268294c-1321-465d-9011-ce381e0de415 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2279	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e268294c-1321-465d-9011-ce381e0de415 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2278	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e268294c-1321-465d-9011-ce381e0de415 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2277	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e268294c-1321-465d-9011-ce381e0de415 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2276	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8adcaf5-9c42-4bc5-bc60-06a77e08a75f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=16b2c3b9-cc01-4a7c-9b11-d1e7d1f83849 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2275	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8adcaf5-9c42-4bc5-bc60-06a77e08a75f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=16b2c3b9-cc01-4a7c-9b11-d1e7d1f83849 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2274	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8adcaf5-9c42-4bc5-bc60-06a77e08a75f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2273	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8adcaf5-9c42-4bc5-bc60-06a77e08a75f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2272	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8adcaf5-9c42-4bc5-bc60-06a77e08a75f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2271	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8adcaf5-9c42-4bc5-bc60-06a77e08a75f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2270	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8adcaf5-9c42-4bc5-bc60-06a77e08a75f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2269	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8adcaf5-9c42-4bc5-bc60-06a77e08a75f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAzADUANQAuADMANwAtADEAMwAyADMAMAA0ADQANwA5ADUAMAA4ADQANwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2268	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=587f729b-387f-458e-b318-333780af4e36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAE0AQQBOAFEAQQAxAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAEkAQQBNAHcAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAawBBAE4AUQBBAHcAQQBEAGcAQQBOAEEAQQAzAEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=109793e3-3f4b-4c3c-87d8-49f5f6eb8181 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2267	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=46338fbf-ed1f-4ce4-9341-e3d170bf04be HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADMANQA1AC4AMwA3AC0AMQAzADIAMwAwADQANAA3ADkANQAwADgANAA3ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=f0fcc39a-910d-490b-bff5-90421982b2ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2266	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=46338fbf-ed1f-4ce4-9341-e3d170bf04be HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADMANQA1AC4AMwA3AC0AMQAzADIAMwAwADQANAA3ADkANQAwADgANAA3ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=f0fcc39a-910d-490b-bff5-90421982b2ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2265	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=46338fbf-ed1f-4ce4-9341-e3d170bf04be HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADMANQA1AC4AMwA3AC0AMQAzADIAMwAwADQANAA3ADkANQAwADgANAA3ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2264	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=46338fbf-ed1f-4ce4-9341-e3d170bf04be HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADMANQA1AC4AMwA3AC0AMQAzADIAMwAwADQANAA3ADkANQAwADgANAA3ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2263	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=46338fbf-ed1f-4ce4-9341-e3d170bf04be HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADMANQA1AC4AMwA3AC0AMQAzADIAMwAwADQANAA3ADkANQAwADgANAA3ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2262	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=46338fbf-ed1f-4ce4-9341-e3d170bf04be HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADMANQA1AC4AMwA3AC0AMQAzADIAMwAwADQANAA3ADkANQAwADgANAA3ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2261	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=46338fbf-ed1f-4ce4-9341-e3d170bf04be HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADMANQA1AC4AMwA3AC0AMQAzADIAMwAwADQANAA3ADkANQAwADgANAA3ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2260	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=46338fbf-ed1f-4ce4-9341-e3d170bf04be HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADMANQA1AC4AMwA3AC0AMQAzADIAMwAwADQANAA3ADkANQAwADgANAA3ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2259	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=587f729b-387f-458e-b318-333780af4e36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAE0AQQBOAFEAQQAxAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAEkAQQBNAHcAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAawBBAE4AUQBBAHcAQQBEAGcAQQBOAEEAQQAzAEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=109793e3-3f4b-4c3c-87d8-49f5f6eb8181 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2258	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=587f729b-387f-458e-b318-333780af4e36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAE0AQQBOAFEAQQAxAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAEkAQQBNAHcAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAawBBAE4AUQBBAHcAQQBEAGcAQQBOAEEAQQAzAEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2257	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=587f729b-387f-458e-b318-333780af4e36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAE0AQQBOAFEAQQAxAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAEkAQQBNAHcAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAawBBAE4AUQBBAHcAQQBEAGcAQQBOAEEAQQAzAEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2256	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=587f729b-387f-458e-b318-333780af4e36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAE0AQQBOAFEAQQAxAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAEkAQQBNAHcAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAawBBAE4AUQBBAHcAQQBEAGcAQQBOAEEAQQAzAEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2255	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=587f729b-387f-458e-b318-333780af4e36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAE0AQQBOAFEAQQAxAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAEkAQQBNAHcAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAawBBAE4AUQBBAHcAQQBEAGcAQQBOAEEAQQAzAEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2254	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=587f729b-387f-458e-b318-333780af4e36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAE0AQQBOAFEAQQAxAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAEkAQQBNAHcAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAawBBAE4AUQBBAHcAQQBEAGcAQQBOAEEAQQAzAEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2253	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=587f729b-387f-458e-b318-333780af4e36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAE0AQQBOAFEAQQAxAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAEkAQQBNAHcAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAawBBAE4AUQBBAHcAQQBEAGcAQQBOAEEAQQAzAEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2252	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f148ab9e-2f58-45c8-b649-a8f2fb069fdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=92977253-94cc-4ea9-b4be-9a50a5b5b948 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2251	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c213aba1-cb53-420b-ac1a-4713d590562d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7f7020f0-8e74-4b68-853b-c517525745f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2250	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c213aba1-cb53-420b-ac1a-4713d590562d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2249	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c213aba1-cb53-420b-ac1a-4713d590562d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2248	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c213aba1-cb53-420b-ac1a-4713d590562d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2247	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c213aba1-cb53-420b-ac1a-4713d590562d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2246	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c213aba1-cb53-420b-ac1a-4713d590562d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2245	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c213aba1-cb53-420b-ac1a-4713d590562d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2244	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c213aba1-cb53-420b-ac1a-4713d590562d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2243	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=c213aba1-cb53-420b-ac1a-4713d590562d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2242	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f148ab9e-2f58-45c8-b649-a8f2fb069fdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=92977253-94cc-4ea9-b4be-9a50a5b5b948 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2241	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f148ab9e-2f58-45c8-b649-a8f2fb069fdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2240	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f148ab9e-2f58-45c8-b649-a8f2fb069fdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2239	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f148ab9e-2f58-45c8-b649-a8f2fb069fdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2238	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f148ab9e-2f58-45c8-b649-a8f2fb069fdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2237	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f148ab9e-2f58-45c8-b649-a8f2fb069fdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2236	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f148ab9e-2f58-45c8-b649-a8f2fb069fdb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2235	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8110fc8-391e-4317-a6c8-a5a0f4cedd7e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=43050cc2-dc26-4530-9715-07f3148f2c24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2234	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32ce212b-dba0-462d-bbba-684370e50fd3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion=5.1.14393.1944 RunspaceId=f52f013e-4381-49ce-adf8-14d1fdeea36c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2233	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:12:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32ce212b-dba0-462d-bbba-684370e50fd3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion=5.1.14393.1944 RunspaceId=f52f013e-4381-49ce-adf8-14d1fdeea36c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2232	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32ce212b-dba0-462d-bbba-684370e50fd3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2231	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32ce212b-dba0-462d-bbba-684370e50fd3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2230	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32ce212b-dba0-462d-bbba-684370e50fd3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2229	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32ce212b-dba0-462d-bbba-684370e50fd3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2228	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32ce212b-dba0-462d-bbba-684370e50fd3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2227	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=32ce212b-dba0-462d-bbba-684370e50fd3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2226	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c823d42-83c7-427a-8391-0686e730daf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f699d3b3-1d3a-4ac2-aaa2-ea551fea12f8 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2225	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:13 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c823d42-83c7-427a-8391-0686e730daf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f699d3b3-1d3a-4ac2-aaa2-ea551fea12f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2224	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c823d42-83c7-427a-8391-0686e730daf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2223	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c823d42-83c7-427a-8391-0686e730daf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2222	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c823d42-83c7-427a-8391-0686e730daf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2221	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c823d42-83c7-427a-8391-0686e730daf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2220	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c823d42-83c7-427a-8391-0686e730daf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2219	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c823d42-83c7-427a-8391-0686e730daf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2218	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c823d42-83c7-427a-8391-0686e730daf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2217	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1c823d42-83c7-427a-8391-0686e730daf7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2216	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8110fc8-391e-4317-a6c8-a5a0f4cedd7e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=43050cc2-dc26-4530-9715-07f3148f2c24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2215	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8110fc8-391e-4317-a6c8-a5a0f4cedd7e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2214	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8110fc8-391e-4317-a6c8-a5a0f4cedd7e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2213	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8110fc8-391e-4317-a6c8-a5a0f4cedd7e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2212	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8110fc8-391e-4317-a6c8-a5a0f4cedd7e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2211	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8110fc8-391e-4317-a6c8-a5a0f4cedd7e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2210	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c8110fc8-391e-4317-a6c8-a5a0f4cedd7e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2209	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5230bb6-f00e-4c59-937f-fe6cc1248a7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=707d4408-a6b5-425b-b492-f6e7d7b1f0f4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2208	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6fcca536-01d2-4b8f-bd43-1ea12cbd4330 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA= EngineVersion=5.1.14393.1944 RunspaceId=18554102-7762-47d1-8ca3-8b0f5dc3271d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2207	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6fcca536-01d2-4b8f-bd43-1ea12cbd4330 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA= EngineVersion=5.1.14393.1944 RunspaceId=18554102-7762-47d1-8ca3-8b0f5dc3271d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2206	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6fcca536-01d2-4b8f-bd43-1ea12cbd4330 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2205	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6fcca536-01d2-4b8f-bd43-1ea12cbd4330 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2204	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6fcca536-01d2-4b8f-bd43-1ea12cbd4330 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2203	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6fcca536-01d2-4b8f-bd43-1ea12cbd4330 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2202	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6fcca536-01d2-4b8f-bd43-1ea12cbd4330 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2201	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6fcca536-01d2-4b8f-bd43-1ea12cbd4330 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2200	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3f61f22-49aa-4411-8c7b-109be7f66d8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=21dae3b2-23df-49a5-9cdb-2f7eae68f8a0 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2199	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3f61f22-49aa-4411-8c7b-109be7f66d8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=21dae3b2-23df-49a5-9cdb-2f7eae68f8a0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2198	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3f61f22-49aa-4411-8c7b-109be7f66d8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2197	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3f61f22-49aa-4411-8c7b-109be7f66d8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2196	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3f61f22-49aa-4411-8c7b-109be7f66d8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2195	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3f61f22-49aa-4411-8c7b-109be7f66d8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2194	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3f61f22-49aa-4411-8c7b-109be7f66d8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2193	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3f61f22-49aa-4411-8c7b-109be7f66d8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2192	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3f61f22-49aa-4411-8c7b-109be7f66d8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2191	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f3f61f22-49aa-4411-8c7b-109be7f66d8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2190	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5230bb6-f00e-4c59-937f-fe6cc1248a7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=707d4408-a6b5-425b-b492-f6e7d7b1f0f4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2189	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5230bb6-f00e-4c59-937f-fe6cc1248a7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2188	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5230bb6-f00e-4c59-937f-fe6cc1248a7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2187	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5230bb6-f00e-4c59-937f-fe6cc1248a7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2186	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5230bb6-f00e-4c59-937f-fe6cc1248a7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2185	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5230bb6-f00e-4c59-937f-fe6cc1248a7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2184	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c5230bb6-f00e-4c59-937f-fe6cc1248a7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2183	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e8b3b1-afcd-4241-b6d6-30a6beadc1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=cf1691db-f4fe-4c60-965d-dfa93bd2a6a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2182	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bbc5be-232d-4963-a969-209e63f74c29 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion=5.1.14393.1944 RunspaceId=d7b4de6d-bc91-4480-a923-eb989c48d559 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2181	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bbc5be-232d-4963-a969-209e63f74c29 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion=5.1.14393.1944 RunspaceId=d7b4de6d-bc91-4480-a923-eb989c48d559 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2180	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bbc5be-232d-4963-a969-209e63f74c29 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2179	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bbc5be-232d-4963-a969-209e63f74c29 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2178	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bbc5be-232d-4963-a969-209e63f74c29 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2177	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bbc5be-232d-4963-a969-209e63f74c29 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2176	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bbc5be-232d-4963-a969-209e63f74c29 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2175	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bbc5be-232d-4963-a969-209e63f74c29 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2174	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=edfa04b4-ee00-46dd-92ff-5b0691598086 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0f9d3fe7-6b8d-46dc-bad0-b78116335613 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2173	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=edfa04b4-ee00-46dd-92ff-5b0691598086 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=0f9d3fe7-6b8d-46dc-bad0-b78116335613 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2172	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=edfa04b4-ee00-46dd-92ff-5b0691598086 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2171	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=edfa04b4-ee00-46dd-92ff-5b0691598086 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2170	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=edfa04b4-ee00-46dd-92ff-5b0691598086 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2169	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=edfa04b4-ee00-46dd-92ff-5b0691598086 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2168	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=edfa04b4-ee00-46dd-92ff-5b0691598086 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2167	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=edfa04b4-ee00-46dd-92ff-5b0691598086 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2166	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=edfa04b4-ee00-46dd-92ff-5b0691598086 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2165	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=edfa04b4-ee00-46dd-92ff-5b0691598086 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2164	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e8b3b1-afcd-4241-b6d6-30a6beadc1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=cf1691db-f4fe-4c60-965d-dfa93bd2a6a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2163	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e8b3b1-afcd-4241-b6d6-30a6beadc1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2162	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e8b3b1-afcd-4241-b6d6-30a6beadc1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2161	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e8b3b1-afcd-4241-b6d6-30a6beadc1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2160	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e8b3b1-afcd-4241-b6d6-30a6beadc1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2159	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e8b3b1-afcd-4241-b6d6-30a6beadc1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2158	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a6e8b3b1-afcd-4241-b6d6-30a6beadc1e7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2157	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0615a30-9969-4636-8930-84ad531e07ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB5AEEARABZAEEATQBRAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEUAQQBOAEEAQQA0AEEARABNAEEATgBBAEEAeQBBAEQAUQBBAE4AUQBBADUAQQBEAEEAQQBNAEEAQQA0AEEARABJAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=5e59eacc-1618-4113-873f-64eb878b0ee1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2156	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14615e11-61fb-475b-be4b-46356c97d5cd HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=d3288e99-44bb-4287-94a6-4bb79d6558af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2155	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14615e11-61fb-475b-be4b-46356c97d5cd HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=d3288e99-44bb-4287-94a6-4bb79d6558af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2154	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14615e11-61fb-475b-be4b-46356c97d5cd HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2153	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14615e11-61fb-475b-be4b-46356c97d5cd HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2152	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14615e11-61fb-475b-be4b-46356c97d5cd HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2151	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14615e11-61fb-475b-be4b-46356c97d5cd HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2150	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14615e11-61fb-475b-be4b-46356c97d5cd HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2149	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=14615e11-61fb-475b-be4b-46356c97d5cd HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2148	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0615a30-9969-4636-8930-84ad531e07ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB5AEEARABZAEEATQBRAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEUAQQBOAEEAQQA0AEEARABNAEEATgBBAEEAeQBBAEQAUQBBAE4AUQBBADUAQQBEAEEAQQBNAEEAQQA0AEEARABJAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=5e59eacc-1618-4113-873f-64eb878b0ee1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2147	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0615a30-9969-4636-8930-84ad531e07ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB5AEEARABZAEEATQBRAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEUAQQBOAEEAQQA0AEEARABNAEEATgBBAEEAeQBBAEQAUQBBAE4AUQBBADUAQQBEAEEAQQBNAEEAQQA0AEEARABJAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2146	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0615a30-9969-4636-8930-84ad531e07ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB5AEEARABZAEEATQBRAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEUAQQBOAEEAQQA0AEEARABNAEEATgBBAEEAeQBBAEQAUQBBAE4AUQBBADUAQQBEAEEAQQBNAEEAQQA0AEEARABJAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2145	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0615a30-9969-4636-8930-84ad531e07ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB5AEEARABZAEEATQBRAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEUAQQBOAEEAQQA0AEEARABNAEEATgBBAEEAeQBBAEQAUQBBAE4AUQBBADUAQQBEAEEAQQBNAEEAQQA0AEEARABJAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2144	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0615a30-9969-4636-8930-84ad531e07ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB5AEEARABZAEEATQBRAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEUAQQBOAEEAQQA0AEEARABNAEEATgBBAEEAeQBBAEQAUQBBAE4AUQBBADUAQQBEAEEAQQBNAEEAQQA0AEEARABJAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2143	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0615a30-9969-4636-8930-84ad531e07ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB5AEEARABZAEEATQBRAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEUAQQBOAEEAQQA0AEEARABNAEEATgBBAEEAeQBBAEQAUQBBAE4AUQBBADUAQQBEAEEAQQBNAEEAQQA0AEEARABJAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2142	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0615a30-9969-4636-8930-84ad531e07ce HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB5AEEARABZAEEATQBRAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEUAQQBOAEEAQQA0AEEARABNAEEATgBBAEEAeQBBAEQAUQBBAE4AUQBBADUAQQBEAEEAQQBNAEEAQQA0AEEARABJAEEATgB3AEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2141	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d967fca-e858-4c81-ab34-1270a4c9c0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=cb8aa761-4924-4a5d-9c0e-a58743e0b76a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2140	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=022622a9-9b3c-4c31-adc5-58ae2e82dcff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3c80f2c3-8fea-4cb2-915c-d97be61c400e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2139	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=022622a9-9b3c-4c31-adc5-58ae2e82dcff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2138	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=022622a9-9b3c-4c31-adc5-58ae2e82dcff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2137	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=022622a9-9b3c-4c31-adc5-58ae2e82dcff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2136	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=022622a9-9b3c-4c31-adc5-58ae2e82dcff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2135	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=022622a9-9b3c-4c31-adc5-58ae2e82dcff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2134	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=022622a9-9b3c-4c31-adc5-58ae2e82dcff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2133	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=022622a9-9b3c-4c31-adc5-58ae2e82dcff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2132	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=022622a9-9b3c-4c31-adc5-58ae2e82dcff HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2131	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d967fca-e858-4c81-ab34-1270a4c9c0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=cb8aa761-4924-4a5d-9c0e-a58743e0b76a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2130	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d967fca-e858-4c81-ab34-1270a4c9c0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2129	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d967fca-e858-4c81-ab34-1270a4c9c0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2128	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d967fca-e858-4c81-ab34-1270a4c9c0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2127	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d967fca-e858-4c81-ab34-1270a4c9c0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2126	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d967fca-e858-4c81-ab34-1270a4c9c0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2125	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9d967fca-e858-4c81-ab34-1270a4c9c0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2124	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=452bfbb0-c9b5-4d4a-88ab-ab8f741e7a00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=e21462cc-0295-4733-b264-863cd35f0ea2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2123	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=452bfbb0-c9b5-4d4a-88ab-ab8f741e7a00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=e21462cc-0295-4733-b264-863cd35f0ea2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2122	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=452bfbb0-c9b5-4d4a-88ab-ab8f741e7a00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2121	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=452bfbb0-c9b5-4d4a-88ab-ab8f741e7a00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2120	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=452bfbb0-c9b5-4d4a-88ab-ab8f741e7a00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2119	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=452bfbb0-c9b5-4d4a-88ab-ab8f741e7a00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2118	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=452bfbb0-c9b5-4d4a-88ab-ab8f741e7a00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2117	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=452bfbb0-c9b5-4d4a-88ab-ab8f741e7a00 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAyADYAMQAuADcAMwAtADEANAA4ADMANAAyADQANQA5ADAAMAA4ADIANwA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2116	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8c21fcb3-5652-4528-b8e2-95b15dda6771 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEkAQQBOAGcAQQB4AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AUQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABJAEEATgBBAEEAMQBBAEQAawBBAE0AQQBBAHcAQQBEAGcAQQBNAGcAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=5be50042-30f6-45e4-bd88-b94af5e3b0b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2115	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1753a0a-1a84-4699-b3ee-39b5289fd0d2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADIANgAxAC4ANwAzAC0AMQA0ADgAMwA0ADIANAA1ADkAMAAwADgAMgA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=2ab0e2bc-c056-4167-a104-6aa464520c27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2114	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1753a0a-1a84-4699-b3ee-39b5289fd0d2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADIANgAxAC4ANwAzAC0AMQA0ADgAMwA0ADIANAA1ADkAMAAwADgAMgA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=2ab0e2bc-c056-4167-a104-6aa464520c27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2113	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1753a0a-1a84-4699-b3ee-39b5289fd0d2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADIANgAxAC4ANwAzAC0AMQA0ADgAMwA0ADIANAA1ADkAMAAwADgAMgA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2112	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1753a0a-1a84-4699-b3ee-39b5289fd0d2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADIANgAxAC4ANwAzAC0AMQA0ADgAMwA0ADIANAA1ADkAMAAwADgAMgA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2111	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1753a0a-1a84-4699-b3ee-39b5289fd0d2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADIANgAxAC4ANwAzAC0AMQA0ADgAMwA0ADIANAA1ADkAMAAwADgAMgA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2110	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1753a0a-1a84-4699-b3ee-39b5289fd0d2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADIANgAxAC4ANwAzAC0AMQA0ADgAMwA0ADIANAA1ADkAMAAwADgAMgA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2109	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1753a0a-1a84-4699-b3ee-39b5289fd0d2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADIANgAxAC4ANwAzAC0AMQA0ADgAMwA0ADIANAA1ADkAMAAwADgAMgA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2108	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b1753a0a-1a84-4699-b3ee-39b5289fd0d2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADIANgAxAC4ANwAzAC0AMQA0ADgAMwA0ADIANAA1ADkAMAAwADgAMgA3ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2107	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8c21fcb3-5652-4528-b8e2-95b15dda6771 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEkAQQBOAGcAQQB4AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AUQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABJAEEATgBBAEEAMQBBAEQAawBBAE0AQQBBAHcAQQBEAGcAQQBNAGcAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=5be50042-30f6-45e4-bd88-b94af5e3b0b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2106	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8c21fcb3-5652-4528-b8e2-95b15dda6771 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEkAQQBOAGcAQQB4AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AUQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABJAEEATgBBAEEAMQBBAEQAawBBAE0AQQBBAHcAQQBEAGcAQQBNAGcAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2105	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8c21fcb3-5652-4528-b8e2-95b15dda6771 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEkAQQBOAGcAQQB4AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AUQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABJAEEATgBBAEEAMQBBAEQAawBBAE0AQQBBAHcAQQBEAGcAQQBNAGcAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2104	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8c21fcb3-5652-4528-b8e2-95b15dda6771 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEkAQQBOAGcAQQB4AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AUQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABJAEEATgBBAEEAMQBBAEQAawBBAE0AQQBBAHcAQQBEAGcAQQBNAGcAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2103	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8c21fcb3-5652-4528-b8e2-95b15dda6771 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEkAQQBOAGcAQQB4AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AUQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABJAEEATgBBAEEAMQBBAEQAawBBAE0AQQBBAHcAQQBEAGcAQQBNAGcAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2102	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8c21fcb3-5652-4528-b8e2-95b15dda6771 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEkAQQBOAGcAQQB4AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AUQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABJAEEATgBBAEEAMQBBAEQAawBBAE0AQQBBAHcAQQBEAGcAQQBNAGcAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2101	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8c21fcb3-5652-4528-b8e2-95b15dda6771 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEkAQQBOAGcAQQB4AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AUQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABJAEEATgBBAEEAMQBBAEQAawBBAE0AQQBBAHcAQQBEAGcAQQBNAGcAQQAzAEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2100	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfd74a4b-e5d2-48f5-8d23-eb23d8fd1c17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=127225f3-b2c6-4de0-a9bf-93cfe51226bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2099	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3a32f491-7e46-4be9-9d34-c8ec9e93269d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=41ddb0e6-7420-4b43-b127-c856f24def59 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2098	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3a32f491-7e46-4be9-9d34-c8ec9e93269d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2097	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3a32f491-7e46-4be9-9d34-c8ec9e93269d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2096	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3a32f491-7e46-4be9-9d34-c8ec9e93269d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2095	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3a32f491-7e46-4be9-9d34-c8ec9e93269d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2094	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3a32f491-7e46-4be9-9d34-c8ec9e93269d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2093	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3a32f491-7e46-4be9-9d34-c8ec9e93269d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2092	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3a32f491-7e46-4be9-9d34-c8ec9e93269d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2091	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3a32f491-7e46-4be9-9d34-c8ec9e93269d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2090	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfd74a4b-e5d2-48f5-8d23-eb23d8fd1c17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=127225f3-b2c6-4de0-a9bf-93cfe51226bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2089	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfd74a4b-e5d2-48f5-8d23-eb23d8fd1c17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2088	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfd74a4b-e5d2-48f5-8d23-eb23d8fd1c17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2087	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfd74a4b-e5d2-48f5-8d23-eb23d8fd1c17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2086	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfd74a4b-e5d2-48f5-8d23-eb23d8fd1c17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2085	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfd74a4b-e5d2-48f5-8d23-eb23d8fd1c17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2084	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfd74a4b-e5d2-48f5-8d23-eb23d8fd1c17 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2083	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=823db7ef-0d79-4c7a-b1b4-2671d52b91e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3af83182-1462-4c21-935f-3e15fc0bd56c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2082	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:11:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=770b2fe5-d5f1-40ed-a5f6-d4b8d3113d93 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA== EngineVersion=5.1.14393.1944 RunspaceId=5d267fef-4d79-4b26-9061-e2c5a0ee2f1c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2081	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:10:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=770b2fe5-d5f1-40ed-a5f6-d4b8d3113d93 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA== EngineVersion=5.1.14393.1944 RunspaceId=5d267fef-4d79-4b26-9061-e2c5a0ee2f1c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2080	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=770b2fe5-d5f1-40ed-a5f6-d4b8d3113d93 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2079	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=770b2fe5-d5f1-40ed-a5f6-d4b8d3113d93 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2078	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=770b2fe5-d5f1-40ed-a5f6-d4b8d3113d93 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2077	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=770b2fe5-d5f1-40ed-a5f6-d4b8d3113d93 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2076	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=770b2fe5-d5f1-40ed-a5f6-d4b8d3113d93 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2075	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=770b2fe5-d5f1-40ed-a5f6-d4b8d3113d93 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2074	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=572be255-ab35-4c23-9695-f334b4fa6623 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a39a76ec-1e26-4d21-a60f-d7b3038e8f30 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2073	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=572be255-ab35-4c23-9695-f334b4fa6623 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a39a76ec-1e26-4d21-a60f-d7b3038e8f30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2072	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=572be255-ab35-4c23-9695-f334b4fa6623 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2071	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=572be255-ab35-4c23-9695-f334b4fa6623 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2070	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=572be255-ab35-4c23-9695-f334b4fa6623 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2069	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=572be255-ab35-4c23-9695-f334b4fa6623 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2068	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=572be255-ab35-4c23-9695-f334b4fa6623 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2067	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=572be255-ab35-4c23-9695-f334b4fa6623 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2066	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=572be255-ab35-4c23-9695-f334b4fa6623 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2065	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=572be255-ab35-4c23-9695-f334b4fa6623 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2064	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=823db7ef-0d79-4c7a-b1b4-2671d52b91e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3af83182-1462-4c21-935f-3e15fc0bd56c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2063	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=823db7ef-0d79-4c7a-b1b4-2671d52b91e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2062	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=823db7ef-0d79-4c7a-b1b4-2671d52b91e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2061	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=823db7ef-0d79-4c7a-b1b4-2671d52b91e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2060	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=823db7ef-0d79-4c7a-b1b4-2671d52b91e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2059	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=823db7ef-0d79-4c7a-b1b4-2671d52b91e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2058	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=823db7ef-0d79-4c7a-b1b4-2671d52b91e4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2057	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5171af6c-4881-49d2-bc81-246a4fc6fb33 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a90d4cb5-de63-4ee1-8fef-27293cfa3b48 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2056	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=033bf244-c057-47a7-a67a-726ebd098f1d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA= EngineVersion=5.1.14393.1944 RunspaceId=da58b694-7004-46ea-8378-f1d51730e343 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2055	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=033bf244-c057-47a7-a67a-726ebd098f1d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA= EngineVersion=5.1.14393.1944 RunspaceId=da58b694-7004-46ea-8378-f1d51730e343 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2054	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=033bf244-c057-47a7-a67a-726ebd098f1d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2053	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=033bf244-c057-47a7-a67a-726ebd098f1d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2052	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=033bf244-c057-47a7-a67a-726ebd098f1d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2051	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=033bf244-c057-47a7-a67a-726ebd098f1d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2050	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=033bf244-c057-47a7-a67a-726ebd098f1d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2049	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=033bf244-c057-47a7-a67a-726ebd098f1d HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2048	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f61d84a-e860-430d-b7cf-88393bde40d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f6ccfe0d-6661-4725-8a4f-292c9890ddd8 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2047	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f61d84a-e860-430d-b7cf-88393bde40d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f6ccfe0d-6661-4725-8a4f-292c9890ddd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2046	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f61d84a-e860-430d-b7cf-88393bde40d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2045	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f61d84a-e860-430d-b7cf-88393bde40d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2044	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f61d84a-e860-430d-b7cf-88393bde40d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2043	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f61d84a-e860-430d-b7cf-88393bde40d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2042	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f61d84a-e860-430d-b7cf-88393bde40d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2041	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f61d84a-e860-430d-b7cf-88393bde40d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2040	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f61d84a-e860-430d-b7cf-88393bde40d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2039	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f61d84a-e860-430d-b7cf-88393bde40d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2038	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5171af6c-4881-49d2-bc81-246a4fc6fb33 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a90d4cb5-de63-4ee1-8fef-27293cfa3b48 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2037	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5171af6c-4881-49d2-bc81-246a4fc6fb33 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2036	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5171af6c-4881-49d2-bc81-246a4fc6fb33 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2035	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5171af6c-4881-49d2-bc81-246a4fc6fb33 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2034	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5171af6c-4881-49d2-bc81-246a4fc6fb33 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2033	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5171af6c-4881-49d2-bc81-246a4fc6fb33 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2032	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5171af6c-4881-49d2-bc81-246a4fc6fb33 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2031	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bf508192-a94b-4b03-b0a4-265a14a92ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8e9cfd46-3077-45e4-ad11-1474000ba51b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2030	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aadbc2cd-117f-47c8-b129-7b10eaa0ddea HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=b7c1fb73-e476-4f1a-880b-1982b28e6813 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2029	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aadbc2cd-117f-47c8-b129-7b10eaa0ddea HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=b7c1fb73-e476-4f1a-880b-1982b28e6813 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2028	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aadbc2cd-117f-47c8-b129-7b10eaa0ddea HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2027	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aadbc2cd-117f-47c8-b129-7b10eaa0ddea HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2026	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aadbc2cd-117f-47c8-b129-7b10eaa0ddea HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2025	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aadbc2cd-117f-47c8-b129-7b10eaa0ddea HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2024	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aadbc2cd-117f-47c8-b129-7b10eaa0ddea HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2023	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aadbc2cd-117f-47c8-b129-7b10eaa0ddea HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2022	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=7c9fbc38-cf2a-4829-9f57-579f206f2c7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e2a55b91-ff3a-45c9-9781-afae827de93e PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	2021	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7c9fbc38-cf2a-4829-9f57-579f206f2c7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e2a55b91-ff3a-45c9-9781-afae827de93e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2020	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7c9fbc38-cf2a-4829-9f57-579f206f2c7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2019	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7c9fbc38-cf2a-4829-9f57-579f206f2c7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2018	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7c9fbc38-cf2a-4829-9f57-579f206f2c7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2017	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7c9fbc38-cf2a-4829-9f57-579f206f2c7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2016	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7c9fbc38-cf2a-4829-9f57-579f206f2c7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2015	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7c9fbc38-cf2a-4829-9f57-579f206f2c7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2014	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7c9fbc38-cf2a-4829-9f57-579f206f2c7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2013	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7c9fbc38-cf2a-4829-9f57-579f206f2c7c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2012	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bf508192-a94b-4b03-b0a4-265a14a92ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8e9cfd46-3077-45e4-ad11-1474000ba51b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2011	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bf508192-a94b-4b03-b0a4-265a14a92ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2010	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bf508192-a94b-4b03-b0a4-265a14a92ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2009	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bf508192-a94b-4b03-b0a4-265a14a92ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2008	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bf508192-a94b-4b03-b0a4-265a14a92ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2007	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bf508192-a94b-4b03-b0a4-265a14a92ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2006	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bf508192-a94b-4b03-b0a4-265a14a92ede HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2005	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=489fa9be-30b1-4b0e-8d2b-c258a0aaf1f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEUAQQBNAGcAQQA0AEEARABjAEEATQBRAEEAegBBAEQAVQBBAE4AUQBBAHoAQQBEAEUAQQBPAFEAQQAwAEEARABjAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=540c2a2b-5748-4ebc-a671-ab6d4323d8bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2004	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd8b1ea4-ade6-46af-ba5d-f4dbddf8aee0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=6351cdaa-e9d1-4efd-b277-fb11768ede60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	2003	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd8b1ea4-ade6-46af-ba5d-f4dbddf8aee0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=6351cdaa-e9d1-4efd-b277-fb11768ede60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	2002	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd8b1ea4-ade6-46af-ba5d-f4dbddf8aee0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2001	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd8b1ea4-ade6-46af-ba5d-f4dbddf8aee0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2000	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd8b1ea4-ade6-46af-ba5d-f4dbddf8aee0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1999	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd8b1ea4-ade6-46af-ba5d-f4dbddf8aee0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1998	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd8b1ea4-ade6-46af-ba5d-f4dbddf8aee0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1997	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bd8b1ea4-ade6-46af-ba5d-f4dbddf8aee0 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1996	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=489fa9be-30b1-4b0e-8d2b-c258a0aaf1f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEUAQQBNAGcAQQA0AEEARABjAEEATQBRAEEAegBBAEQAVQBBAE4AUQBBAHoAQQBEAEUAQQBPAFEAQQAwAEEARABjAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=540c2a2b-5748-4ebc-a671-ab6d4323d8bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1995	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=489fa9be-30b1-4b0e-8d2b-c258a0aaf1f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEUAQQBNAGcAQQA0AEEARABjAEEATQBRAEEAegBBAEQAVQBBAE4AUQBBAHoAQQBEAEUAQQBPAFEAQQAwAEEARABjAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1994	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=489fa9be-30b1-4b0e-8d2b-c258a0aaf1f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEUAQQBNAGcAQQA0AEEARABjAEEATQBRAEEAegBBAEQAVQBBAE4AUQBBAHoAQQBEAEUAQQBPAFEAQQAwAEEARABjAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1993	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=489fa9be-30b1-4b0e-8d2b-c258a0aaf1f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEUAQQBNAGcAQQA0AEEARABjAEEATQBRAEEAegBBAEQAVQBBAE4AUQBBAHoAQQBEAEUAQQBPAFEAQQAwAEEARABjAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1992	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=489fa9be-30b1-4b0e-8d2b-c258a0aaf1f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEUAQQBNAGcAQQA0AEEARABjAEEATQBRAEEAegBBAEQAVQBBAE4AUQBBAHoAQQBEAEUAQQBPAFEAQQAwAEEARABjAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1991	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=489fa9be-30b1-4b0e-8d2b-c258a0aaf1f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEUAQQBNAGcAQQA0AEEARABjAEEATQBRAEEAegBBAEQAVQBBAE4AUQBBAHoAQQBEAEUAQQBPAFEAQQAwAEEARABjAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1990	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=489fa9be-30b1-4b0e-8d2b-c258a0aaf1f1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB4AEEARABJAEEATgBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAEUAQQBNAGcAQQA0AEEARABjAEEATQBRAEEAegBBAEQAVQBBAE4AUQBBAHoAQQBEAEUAQQBPAFEAQQAwAEEARABjAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1989	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bce7d2a-edfe-48ca-a0c1-eb372e92b312 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=089b367d-d574-4dda-bd0e-b3a0b8d1ec49 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1988	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0dae0950-c682-4455-a7ac-331b79fe7f88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=05f309d8-a0b6-47a6-9179-7474b12916b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1987	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0dae0950-c682-4455-a7ac-331b79fe7f88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1986	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0dae0950-c682-4455-a7ac-331b79fe7f88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1985	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0dae0950-c682-4455-a7ac-331b79fe7f88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1984	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0dae0950-c682-4455-a7ac-331b79fe7f88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1983	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0dae0950-c682-4455-a7ac-331b79fe7f88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1982	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0dae0950-c682-4455-a7ac-331b79fe7f88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1981	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0dae0950-c682-4455-a7ac-331b79fe7f88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1980	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0dae0950-c682-4455-a7ac-331b79fe7f88 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1979	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bce7d2a-edfe-48ca-a0c1-eb372e92b312 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=089b367d-d574-4dda-bd0e-b3a0b8d1ec49 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1978	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bce7d2a-edfe-48ca-a0c1-eb372e92b312 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1977	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bce7d2a-edfe-48ca-a0c1-eb372e92b312 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1976	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bce7d2a-edfe-48ca-a0c1-eb372e92b312 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1975	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bce7d2a-edfe-48ca-a0c1-eb372e92b312 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1974	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bce7d2a-edfe-48ca-a0c1-eb372e92b312 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1973	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8bce7d2a-edfe-48ca-a0c1-eb372e92b312 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1972	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=750a6f02-694b-4e1c-af18-b14201baa63a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=01e42540-e62b-49ed-9779-2eb287c3e2f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1971	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=750a6f02-694b-4e1c-af18-b14201baa63a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=01e42540-e62b-49ed-9779-2eb287c3e2f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1970	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=750a6f02-694b-4e1c-af18-b14201baa63a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1969	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=750a6f02-694b-4e1c-af18-b14201baa63a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1968	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=750a6f02-694b-4e1c-af18-b14201baa63a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1967	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=750a6f02-694b-4e1c-af18-b14201baa63a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1966	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=750a6f02-694b-4e1c-af18-b14201baa63a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1965	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=750a6f02-694b-4e1c-af18-b14201baa63a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAxADIANgAuADgANgAtADEAMgA4ADcAMQAzADUANQAzADEAOQA0ADcANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1964	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9dc6e7e2-4b32-487b-b49e-ff3355adf2c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AUQBBAHkAQQBEAGcAQQBOAHcAQQB4AEEARABNAEEATgBRAEEAMQBBAEQATQBBAE0AUQBBADUAQQBEAFEAQQBOAHcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=52511ea7-60df-43cc-9d18-ca140fedc356 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1963	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c628172-2d31-402d-8790-c8190201f7ec HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADEAMgA2AC4AOAA2AC0AMQAyADgANwAxADMANQA1ADMAMQA5ADQANwA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=76a9e34d-4ac9-4691-889e-6cfb8a77f5ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1962	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c628172-2d31-402d-8790-c8190201f7ec HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADEAMgA2AC4AOAA2AC0AMQAyADgANwAxADMANQA1ADMAMQA5ADQANwA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=76a9e34d-4ac9-4691-889e-6cfb8a77f5ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1961	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c628172-2d31-402d-8790-c8190201f7ec HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADEAMgA2AC4AOAA2AC0AMQAyADgANwAxADMANQA1ADMAMQA5ADQANwA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1960	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c628172-2d31-402d-8790-c8190201f7ec HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADEAMgA2AC4AOAA2AC0AMQAyADgANwAxADMANQA1ADMAMQA5ADQANwA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1959	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c628172-2d31-402d-8790-c8190201f7ec HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADEAMgA2AC4AOAA2AC0AMQAyADgANwAxADMANQA1ADMAMQA5ADQANwA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1958	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c628172-2d31-402d-8790-c8190201f7ec HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADEAMgA2AC4AOAA2AC0AMQAyADgANwAxADMANQA1ADMAMQA5ADQANwA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1957	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c628172-2d31-402d-8790-c8190201f7ec HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADEAMgA2AC4AOAA2AC0AMQAyADgANwAxADMANQA1ADMAMQA5ADQANwA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1956	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c628172-2d31-402d-8790-c8190201f7ec HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADEAMgA2AC4AOAA2AC0AMQAyADgANwAxADMANQA1ADMAMQA5ADQANwA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1955	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9dc6e7e2-4b32-487b-b49e-ff3355adf2c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AUQBBAHkAQQBEAGcAQQBOAHcAQQB4AEEARABNAEEATgBRAEEAMQBBAEQATQBBAE0AUQBBADUAQQBEAFEAQQBOAHcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=52511ea7-60df-43cc-9d18-ca140fedc356 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1954	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9dc6e7e2-4b32-487b-b49e-ff3355adf2c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AUQBBAHkAQQBEAGcAQQBOAHcAQQB4AEEARABNAEEATgBRAEEAMQBBAEQATQBBAE0AUQBBADUAQQBEAFEAQQBOAHcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1953	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9dc6e7e2-4b32-487b-b49e-ff3355adf2c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AUQBBAHkAQQBEAGcAQQBOAHcAQQB4AEEARABNAEEATgBRAEEAMQBBAEQATQBBAE0AUQBBADUAQQBEAFEAQQBOAHcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1952	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9dc6e7e2-4b32-487b-b49e-ff3355adf2c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AUQBBAHkAQQBEAGcAQQBOAHcAQQB4AEEARABNAEEATgBRAEEAMQBBAEQATQBBAE0AUQBBADUAQQBEAFEAQQBOAHcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1951	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9dc6e7e2-4b32-487b-b49e-ff3355adf2c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AUQBBAHkAQQBEAGcAQQBOAHcAQQB4AEEARABNAEEATgBRAEEAMQBBAEQATQBBAE0AUQBBADUAQQBEAFEAQQBOAHcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1950	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9dc6e7e2-4b32-487b-b49e-ff3355adf2c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AUQBBAHkAQQBEAGcAQQBOAHcAQQB4AEEARABNAEEATgBRAEEAMQBBAEQATQBBAE0AUQBBADUAQQBEAFEAQQBOAHcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1949	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9dc6e7e2-4b32-487b-b49e-ff3355adf2c8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEUAQQBNAGcAQQAyAEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE0AUQBBAHkAQQBEAGcAQQBOAHcAQQB4AEEARABNAEEATgBRAEEAMQBBAEQATQBBAE0AUQBBADUAQQBEAFEAQQBOAHcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1948	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a0cd6d-c152-4b42-9787-96babf85af56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=971d7dda-a235-4b28-ad5e-0994600dccd5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1947	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce09dc8a-762c-4c42-81e0-f0ad95799232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=22169810-bf4f-4b42-a993-c5c4d81efaa8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1946	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce09dc8a-762c-4c42-81e0-f0ad95799232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1945	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce09dc8a-762c-4c42-81e0-f0ad95799232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1944	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce09dc8a-762c-4c42-81e0-f0ad95799232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1943	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce09dc8a-762c-4c42-81e0-f0ad95799232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1942	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce09dc8a-762c-4c42-81e0-f0ad95799232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1941	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce09dc8a-762c-4c42-81e0-f0ad95799232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1940	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce09dc8a-762c-4c42-81e0-f0ad95799232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1939	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ce09dc8a-762c-4c42-81e0-f0ad95799232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1938	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a0cd6d-c152-4b42-9787-96babf85af56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=971d7dda-a235-4b28-ad5e-0994600dccd5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1937	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a0cd6d-c152-4b42-9787-96babf85af56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1936	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a0cd6d-c152-4b42-9787-96babf85af56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1935	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a0cd6d-c152-4b42-9787-96babf85af56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1934	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a0cd6d-c152-4b42-9787-96babf85af56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1933	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a0cd6d-c152-4b42-9787-96babf85af56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1932	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=77a0cd6d-c152-4b42-9787-96babf85af56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1931	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64cff7e7-2ab2-4d1a-a95f-e9b3cf63f938 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9d4da889-9f0b-4d01-abf5-3c567cf41a0b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1930	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ebc7340-ec02-47ec-a403-47ca42fb843b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion=5.1.14393.1944 RunspaceId=21e298a4-ea83-4aba-9589-7feaf224090c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1929	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ebc7340-ec02-47ec-a403-47ca42fb843b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion=5.1.14393.1944 RunspaceId=21e298a4-ea83-4aba-9589-7feaf224090c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1928	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ebc7340-ec02-47ec-a403-47ca42fb843b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1927	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ebc7340-ec02-47ec-a403-47ca42fb843b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1926	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ebc7340-ec02-47ec-a403-47ca42fb843b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1925	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ebc7340-ec02-47ec-a403-47ca42fb843b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1924	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ebc7340-ec02-47ec-a403-47ca42fb843b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1923	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7ebc7340-ec02-47ec-a403-47ca42fb843b HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1922	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e981f75-5a27-455f-abe0-91692731a9e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4e83bf6e-df8d-435f-a330-bde7cbaf8c42 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1921	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e981f75-5a27-455f-abe0-91692731a9e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4e83bf6e-df8d-435f-a330-bde7cbaf8c42 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1920	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e981f75-5a27-455f-abe0-91692731a9e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1919	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e981f75-5a27-455f-abe0-91692731a9e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1918	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e981f75-5a27-455f-abe0-91692731a9e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1917	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e981f75-5a27-455f-abe0-91692731a9e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1916	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e981f75-5a27-455f-abe0-91692731a9e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1915	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e981f75-5a27-455f-abe0-91692731a9e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1914	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e981f75-5a27-455f-abe0-91692731a9e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1913	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e981f75-5a27-455f-abe0-91692731a9e0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1912	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64cff7e7-2ab2-4d1a-a95f-e9b3cf63f938 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9d4da889-9f0b-4d01-abf5-3c567cf41a0b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1911	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64cff7e7-2ab2-4d1a-a95f-e9b3cf63f938 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1910	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64cff7e7-2ab2-4d1a-a95f-e9b3cf63f938 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1909	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64cff7e7-2ab2-4d1a-a95f-e9b3cf63f938 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1908	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64cff7e7-2ab2-4d1a-a95f-e9b3cf63f938 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1907	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64cff7e7-2ab2-4d1a-a95f-e9b3cf63f938 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1906	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=64cff7e7-2ab2-4d1a-a95f-e9b3cf63f938 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1905	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2a31656e-6987-4cb9-b3a1-2204a593babf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=94dd75b7-75e0-4792-b63e-bf3e0ad0b2eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1904	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb63f41a-131a-43f5-b2c7-f4e32b5fcdf3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=c630af9a-1aa5-41fb-8caa-5c5e6eb864ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1903	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb63f41a-131a-43f5-b2c7-f4e32b5fcdf3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion=5.1.14393.1944 RunspaceId=c630af9a-1aa5-41fb-8caa-5c5e6eb864ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1902	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb63f41a-131a-43f5-b2c7-f4e32b5fcdf3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1901	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb63f41a-131a-43f5-b2c7-f4e32b5fcdf3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1900	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb63f41a-131a-43f5-b2c7-f4e32b5fcdf3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1899	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb63f41a-131a-43f5-b2c7-f4e32b5fcdf3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1898	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb63f41a-131a-43f5-b2c7-f4e32b5fcdf3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1897	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eb63f41a-131a-43f5-b2c7-f4e32b5fcdf3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1896	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=87f7757c-de32-413d-839b-c90c3ac271a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a6113cb4-f2c2-4650-a93d-785f4363614a PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1895	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=87f7757c-de32-413d-839b-c90c3ac271a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a6113cb4-f2c2-4650-a93d-785f4363614a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1894	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=87f7757c-de32-413d-839b-c90c3ac271a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1893	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=87f7757c-de32-413d-839b-c90c3ac271a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1892	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=87f7757c-de32-413d-839b-c90c3ac271a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1891	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=87f7757c-de32-413d-839b-c90c3ac271a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1890	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=87f7757c-de32-413d-839b-c90c3ac271a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1889	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=87f7757c-de32-413d-839b-c90c3ac271a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1888	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=87f7757c-de32-413d-839b-c90c3ac271a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1887	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=87f7757c-de32-413d-839b-c90c3ac271a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1886	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2a31656e-6987-4cb9-b3a1-2204a593babf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=94dd75b7-75e0-4792-b63e-bf3e0ad0b2eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1885	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2a31656e-6987-4cb9-b3a1-2204a593babf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1884	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2a31656e-6987-4cb9-b3a1-2204a593babf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1883	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2a31656e-6987-4cb9-b3a1-2204a593babf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1882	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2a31656e-6987-4cb9-b3a1-2204a593babf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1881	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2a31656e-6987-4cb9-b3a1-2204a593babf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1880	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2a31656e-6987-4cb9-b3a1-2204a593babf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1879	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9819cfdf-5f21-4508-817d-48c1a7d0baf1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=58b2e863-3a9c-44eb-b9c8-057f47701541 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1878	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0555a54-6e60-4c36-96d8-32e2b43762af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion=5.1.14393.1944 RunspaceId=8bd9691f-b753-49e7-81bc-e23d3256bd38 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1877	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0555a54-6e60-4c36-96d8-32e2b43762af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion=5.1.14393.1944 RunspaceId=8bd9691f-b753-49e7-81bc-e23d3256bd38 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1876	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0555a54-6e60-4c36-96d8-32e2b43762af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1875	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0555a54-6e60-4c36-96d8-32e2b43762af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1874	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0555a54-6e60-4c36-96d8-32e2b43762af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1873	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0555a54-6e60-4c36-96d8-32e2b43762af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1872	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0555a54-6e60-4c36-96d8-32e2b43762af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1871	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b0555a54-6e60-4c36-96d8-32e2b43762af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1870	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ec675a0-7ac3-480f-bc20-e4b357387193 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5e72065a-06d6-4387-99d9-292f368f56d4 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1869	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ec675a0-7ac3-480f-bc20-e4b357387193 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5e72065a-06d6-4387-99d9-292f368f56d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1868	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ec675a0-7ac3-480f-bc20-e4b357387193 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1867	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ec675a0-7ac3-480f-bc20-e4b357387193 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1866	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ec675a0-7ac3-480f-bc20-e4b357387193 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1865	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ec675a0-7ac3-480f-bc20-e4b357387193 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1864	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ec675a0-7ac3-480f-bc20-e4b357387193 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1863	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ec675a0-7ac3-480f-bc20-e4b357387193 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1862	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ec675a0-7ac3-480f-bc20-e4b357387193 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1861	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6ec675a0-7ac3-480f-bc20-e4b357387193 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1860	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9819cfdf-5f21-4508-817d-48c1a7d0baf1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=58b2e863-3a9c-44eb-b9c8-057f47701541 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1859	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9819cfdf-5f21-4508-817d-48c1a7d0baf1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1858	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9819cfdf-5f21-4508-817d-48c1a7d0baf1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1857	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9819cfdf-5f21-4508-817d-48c1a7d0baf1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1856	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9819cfdf-5f21-4508-817d-48c1a7d0baf1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1855	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9819cfdf-5f21-4508-817d-48c1a7d0baf1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1854	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9819cfdf-5f21-4508-817d-48c1a7d0baf1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1853	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66c93d6a-e0d6-4c2f-b8d4-ab24eb0a4268 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b219e170-90bc-4169-8bc2-43345488999d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1852	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84d77f6e-1ca0-4e90-9753-5bdc2b94e5aa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion=5.1.14393.1944 RunspaceId=16dc2ff8-678e-4c2c-b33c-9bf9e2cb89ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1851	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:08:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84d77f6e-1ca0-4e90-9753-5bdc2b94e5aa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion=5.1.14393.1944 RunspaceId=16dc2ff8-678e-4c2c-b33c-9bf9e2cb89ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1850	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84d77f6e-1ca0-4e90-9753-5bdc2b94e5aa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1849	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84d77f6e-1ca0-4e90-9753-5bdc2b94e5aa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1848	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84d77f6e-1ca0-4e90-9753-5bdc2b94e5aa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1847	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84d77f6e-1ca0-4e90-9753-5bdc2b94e5aa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1846	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84d77f6e-1ca0-4e90-9753-5bdc2b94e5aa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1845	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=84d77f6e-1ca0-4e90-9753-5bdc2b94e5aa HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1844	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=17d3af9a-0106-499d-bdca-0f18bdf28030 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f600f1df-bde4-43f0-bd1c-ae9e3a52e4b5 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1843	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17d3af9a-0106-499d-bdca-0f18bdf28030 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f600f1df-bde4-43f0-bd1c-ae9e3a52e4b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1842	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17d3af9a-0106-499d-bdca-0f18bdf28030 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1841	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17d3af9a-0106-499d-bdca-0f18bdf28030 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1840	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17d3af9a-0106-499d-bdca-0f18bdf28030 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1839	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17d3af9a-0106-499d-bdca-0f18bdf28030 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1838	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17d3af9a-0106-499d-bdca-0f18bdf28030 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1837	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17d3af9a-0106-499d-bdca-0f18bdf28030 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1836	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17d3af9a-0106-499d-bdca-0f18bdf28030 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1835	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=17d3af9a-0106-499d-bdca-0f18bdf28030 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1834	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66c93d6a-e0d6-4c2f-b8d4-ab24eb0a4268 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b219e170-90bc-4169-8bc2-43345488999d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1833	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66c93d6a-e0d6-4c2f-b8d4-ab24eb0a4268 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1832	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66c93d6a-e0d6-4c2f-b8d4-ab24eb0a4268 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1831	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66c93d6a-e0d6-4c2f-b8d4-ab24eb0a4268 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1830	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66c93d6a-e0d6-4c2f-b8d4-ab24eb0a4268 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1829	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66c93d6a-e0d6-4c2f-b8d4-ab24eb0a4268 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1828	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=66c93d6a-e0d6-4c2f-b8d4-ab24eb0a4268 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1827	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11d8fcda-37c7-4664-9d12-b9f7b22a4848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b5078961-bade-4e50-ae42-28889e6de066 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1826	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3742dbc-e1fc-4f71-815c-512a856691af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA= EngineVersion=5.1.14393.1944 RunspaceId=6ef9e3d6-4e8c-483d-bb11-0ce8338816e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1825	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3742dbc-e1fc-4f71-815c-512a856691af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA= EngineVersion=5.1.14393.1944 RunspaceId=6ef9e3d6-4e8c-483d-bb11-0ce8338816e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1824	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3742dbc-e1fc-4f71-815c-512a856691af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1823	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3742dbc-e1fc-4f71-815c-512a856691af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1822	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3742dbc-e1fc-4f71-815c-512a856691af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1821	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3742dbc-e1fc-4f71-815c-512a856691af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1820	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3742dbc-e1fc-4f71-815c-512a856691af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1819	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d3742dbc-e1fc-4f71-815c-512a856691af HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1818	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=a326313e-f211-4a9f-a265-3da4433ad1d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f70310ae-c6da-4e27-83db-a418e49fd941 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1817	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a326313e-f211-4a9f-a265-3da4433ad1d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f70310ae-c6da-4e27-83db-a418e49fd941 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1816	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a326313e-f211-4a9f-a265-3da4433ad1d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1815	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a326313e-f211-4a9f-a265-3da4433ad1d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1814	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a326313e-f211-4a9f-a265-3da4433ad1d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1813	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a326313e-f211-4a9f-a265-3da4433ad1d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1812	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a326313e-f211-4a9f-a265-3da4433ad1d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1811	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a326313e-f211-4a9f-a265-3da4433ad1d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1810	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a326313e-f211-4a9f-a265-3da4433ad1d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1809	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a326313e-f211-4a9f-a265-3da4433ad1d9 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1808	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11d8fcda-37c7-4664-9d12-b9f7b22a4848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b5078961-bade-4e50-ae42-28889e6de066 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1807	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11d8fcda-37c7-4664-9d12-b9f7b22a4848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1806	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11d8fcda-37c7-4664-9d12-b9f7b22a4848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1805	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11d8fcda-37c7-4664-9d12-b9f7b22a4848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1804	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11d8fcda-37c7-4664-9d12-b9f7b22a4848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1803	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11d8fcda-37c7-4664-9d12-b9f7b22a4848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1802	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=11d8fcda-37c7-4664-9d12-b9f7b22a4848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1801	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30a0b261-6a4a-4446-a6e4-1a67ea041926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB3AEEARABZAEEATgBnAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABVAEEATQB3AEEAMwBBAEQARQBBAE4AQQBBADMAQQBEAGcAQQBOAEEAQQA1AEEARABNAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=da860ba8-6182-4b01-a1b4-afc4109b505f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1800	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0d6ba14-0ce2-42ff-961c-5418287d2dc4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=dba3b256-2d98-4ccb-b61f-ccfe91d72807 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1799	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0d6ba14-0ce2-42ff-961c-5418287d2dc4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=dba3b256-2d98-4ccb-b61f-ccfe91d72807 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1798	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0d6ba14-0ce2-42ff-961c-5418287d2dc4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1797	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0d6ba14-0ce2-42ff-961c-5418287d2dc4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1796	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0d6ba14-0ce2-42ff-961c-5418287d2dc4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1795	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0d6ba14-0ce2-42ff-961c-5418287d2dc4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1794	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0d6ba14-0ce2-42ff-961c-5418287d2dc4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1793	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f0d6ba14-0ce2-42ff-961c-5418287d2dc4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1792	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30a0b261-6a4a-4446-a6e4-1a67ea041926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB3AEEARABZAEEATgBnAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABVAEEATQB3AEEAMwBBAEQARQBBAE4AQQBBADMAQQBEAGcAQQBOAEEAQQA1AEEARABNAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=da860ba8-6182-4b01-a1b4-afc4109b505f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1791	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30a0b261-6a4a-4446-a6e4-1a67ea041926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB3AEEARABZAEEATgBnAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABVAEEATQB3AEEAMwBBAEQARQBBAE4AQQBBADMAQQBEAGcAQQBOAEEAQQA1AEEARABNAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1790	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30a0b261-6a4a-4446-a6e4-1a67ea041926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB3AEEARABZAEEATgBnAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABVAEEATQB3AEEAMwBBAEQARQBBAE4AQQBBADMAQQBEAGcAQQBOAEEAQQA1AEEARABNAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1789	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30a0b261-6a4a-4446-a6e4-1a67ea041926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB3AEEARABZAEEATgBnAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABVAEEATQB3AEEAMwBBAEQARQBBAE4AQQBBADMAQQBEAGcAQQBOAEEAQQA1AEEARABNAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1788	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30a0b261-6a4a-4446-a6e4-1a67ea041926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB3AEEARABZAEEATgBnAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABVAEEATQB3AEEAMwBBAEQARQBBAE4AQQBBADMAQQBEAGcAQQBOAEEAQQA1AEEARABNAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1787	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30a0b261-6a4a-4446-a6e4-1a67ea041926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB3AEEARABZAEEATgBnAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABVAEEATQB3AEEAMwBBAEQARQBBAE4AQQBBADMAQQBEAGcAQQBOAEEAQQA1AEEARABNAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1786	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=30a0b261-6a4a-4446-a6e4-1a67ea041926 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAGcAQQB3AEEARABZAEEATgBnAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABVAEEATQB3AEEAMwBBAEQARQBBAE4AQQBBADMAQQBEAGcAQQBOAEEAQQA1AEEARABNAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1785	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfc0c2b6-ff2a-434f-8171-56a82467aaf6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=266fdf4a-ea60-43c6-8276-5f6cddf7c474 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1784	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84bf7822-5ec3-486b-a2ed-b3e94c1e4a5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=765ab75b-34e7-4ae3-865f-dbcae3624c93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1783	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84bf7822-5ec3-486b-a2ed-b3e94c1e4a5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1782	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84bf7822-5ec3-486b-a2ed-b3e94c1e4a5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1781	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84bf7822-5ec3-486b-a2ed-b3e94c1e4a5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1780	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84bf7822-5ec3-486b-a2ed-b3e94c1e4a5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1779	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84bf7822-5ec3-486b-a2ed-b3e94c1e4a5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1778	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84bf7822-5ec3-486b-a2ed-b3e94c1e4a5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1777	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84bf7822-5ec3-486b-a2ed-b3e94c1e4a5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1776	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=84bf7822-5ec3-486b-a2ed-b3e94c1e4a5f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1775	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfc0c2b6-ff2a-434f-8171-56a82467aaf6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=266fdf4a-ea60-43c6-8276-5f6cddf7c474 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1774	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfc0c2b6-ff2a-434f-8171-56a82467aaf6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1773	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfc0c2b6-ff2a-434f-8171-56a82467aaf6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1772	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfc0c2b6-ff2a-434f-8171-56a82467aaf6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1771	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfc0c2b6-ff2a-434f-8171-56a82467aaf6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1770	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfc0c2b6-ff2a-434f-8171-56a82467aaf6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1769	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=dfc0c2b6-ff2a-434f-8171-56a82467aaf6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1768	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40f164ec-0ada-474c-8a13-63f953f06662 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=4f67aed4-f1c6-4b06-80be-22b00c9f0859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1767	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40f164ec-0ada-474c-8a13-63f953f06662 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=4f67aed4-f1c6-4b06-80be-22b00c9f0859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1766	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40f164ec-0ada-474c-8a13-63f953f06662 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1765	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40f164ec-0ada-474c-8a13-63f953f06662 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1764	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40f164ec-0ada-474c-8a13-63f953f06662 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1763	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40f164ec-0ada-474c-8a13-63f953f06662 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1762	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40f164ec-0ada-474c-8a13-63f953f06662 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1761	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=40f164ec-0ada-474c-8a13-63f953f06662 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMgAwADYANgAuADQANQAtADIANQA2ADUAMwA3ADEANAA3ADgANAA5ADMANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1760	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06c5b628-795d-48ad-8604-7370d9ac99ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEEAQQBOAGcAQQAyAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBOAFEAQQB6AEEARABjAEEATQBRAEEAMABBAEQAYwBBAE8AQQBBADAAQQBEAGsAQQBNAHcAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=10b37651-ca3b-41c7-b713-bf04d245ea9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1759	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c3ab4eef-bdb3-49fe-a0c8-f9d125a053ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADAANgA2AC4ANAA1AC0AMgA1ADYANQAzADcAMQA0ADcAOAA0ADkAMwA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=962b52db-1755-433e-8406-d5d88591b4f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1758	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c3ab4eef-bdb3-49fe-a0c8-f9d125a053ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADAANgA2AC4ANAA1AC0AMgA1ADYANQAzADcAMQA0ADcAOAA0ADkAMwA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=962b52db-1755-433e-8406-d5d88591b4f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1757	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c3ab4eef-bdb3-49fe-a0c8-f9d125a053ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADAANgA2AC4ANAA1AC0AMgA1ADYANQAzADcAMQA0ADcAOAA0ADkAMwA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1756	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c3ab4eef-bdb3-49fe-a0c8-f9d125a053ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADAANgA2AC4ANAA1AC0AMgA1ADYANQAzADcAMQA0ADcAOAA0ADkAMwA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1755	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c3ab4eef-bdb3-49fe-a0c8-f9d125a053ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADAANgA2AC4ANAA1AC0AMgA1ADYANQAzADcAMQA0ADcAOAA0ADkAMwA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1754	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c3ab4eef-bdb3-49fe-a0c8-f9d125a053ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADAANgA2AC4ANAA1AC0AMgA1ADYANQAzADcAMQA0ADcAOAA0ADkAMwA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1753	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c3ab4eef-bdb3-49fe-a0c8-f9d125a053ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADAANgA2AC4ANAA1AC0AMgA1ADYANQAzADcAMQA0ADcAOAA0ADkAMwA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1752	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c3ab4eef-bdb3-49fe-a0c8-f9d125a053ef HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAyADAANgA2AC4ANAA1AC0AMgA1ADYANQAzADcAMQA0ADcAOAA0ADkAMwA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1751	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06c5b628-795d-48ad-8604-7370d9ac99ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEEAQQBOAGcAQQAyAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBOAFEAQQB6AEEARABjAEEATQBRAEEAMABBAEQAYwBBAE8AQQBBADAAQQBEAGsAQQBNAHcAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=10b37651-ca3b-41c7-b713-bf04d245ea9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1750	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06c5b628-795d-48ad-8604-7370d9ac99ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEEAQQBOAGcAQQAyAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBOAFEAQQB6AEEARABjAEEATQBRAEEAMABBAEQAYwBBAE8AQQBBADAAQQBEAGsAQQBNAHcAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1749	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06c5b628-795d-48ad-8604-7370d9ac99ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEEAQQBOAGcAQQAyAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBOAFEAQQB6AEEARABjAEEATQBRAEEAMABBAEQAYwBBAE8AQQBBADAAQQBEAGsAQQBNAHcAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1748	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06c5b628-795d-48ad-8604-7370d9ac99ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEEAQQBOAGcAQQAyAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBOAFEAQQB6AEEARABjAEEATQBRAEEAMABBAEQAYwBBAE8AQQBBADAAQQBEAGsAQQBNAHcAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1747	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06c5b628-795d-48ad-8604-7370d9ac99ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEEAQQBOAGcAQQAyAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBOAFEAQQB6AEEARABjAEEATQBRAEEAMABBAEQAYwBBAE8AQQBBADAAQQBEAGsAQQBNAHcAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1746	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06c5b628-795d-48ad-8604-7370d9ac99ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEEAQQBOAGcAQQAyAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBOAFEAQQB6AEEARABjAEEATQBRAEEAMABBAEQAYwBBAE8AQQBBADAAQQBEAGsAQQBNAHcAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1745	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06c5b628-795d-48ad-8604-7370d9ac99ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHkAQQBEAEEAQQBOAGcAQQAyAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBOAFEAQQB6AEEARABjAEEATQBRAEEAMABBAEQAYwBBAE8AQQBBADAAQQBEAGsAQQBNAHcAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1744	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7cee3ca-c58e-4353-afb7-d9c6104d3b7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e5cb8ec1-7ddc-418d-8d95-24279c2306b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1743	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=011d7983-41dd-4e5d-b815-21b0953cb833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=eb4e4d17-f268-4baa-832b-c66cbc5ad888 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1742	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=011d7983-41dd-4e5d-b815-21b0953cb833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1741	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=011d7983-41dd-4e5d-b815-21b0953cb833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1740	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=011d7983-41dd-4e5d-b815-21b0953cb833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1739	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=011d7983-41dd-4e5d-b815-21b0953cb833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1738	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=011d7983-41dd-4e5d-b815-21b0953cb833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1737	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=011d7983-41dd-4e5d-b815-21b0953cb833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1736	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=011d7983-41dd-4e5d-b815-21b0953cb833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1735	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=011d7983-41dd-4e5d-b815-21b0953cb833 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1734	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7cee3ca-c58e-4353-afb7-d9c6104d3b7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e5cb8ec1-7ddc-418d-8d95-24279c2306b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1733	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7cee3ca-c58e-4353-afb7-d9c6104d3b7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1732	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7cee3ca-c58e-4353-afb7-d9c6104d3b7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1731	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7cee3ca-c58e-4353-afb7-d9c6104d3b7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1730	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7cee3ca-c58e-4353-afb7-d9c6104d3b7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1729	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7cee3ca-c58e-4353-afb7-d9c6104d3b7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1728	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d7cee3ca-c58e-4353-afb7-d9c6104d3b7d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1727	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=564ff547-d00a-445a-ba0c-ac748a0667d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c2f1f552-62b2-4ba5-8c76-9a97f63a87b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1726	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=225ca431-0378-4ff2-b94c-e13a64c4fae1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBzAHQAYQBiAGwAZQAvAHcAYQBsAGwAYQBiAHkALwBaADIANgA2ADEAOAA0AGEAMABjADIANQA0ADQAYQBjADYAYQBhADQAZgBhADgANAAyAGUAMQAxADgAMgA0AGIAZQAgAC0ALQB6AHUAdQBsAC0AdQByAGwAIABoAHQAdABwADoALwAvADEAMAAuADEAMAA2AC4AMQAuADMAOQAvAHAAIAAtAC0AegB1AHUAbAAtAGIAcgBhAG4AYwBoACAAcwB0AGEAYgBsAGUALwB3AGEAbABsAGEAYgB5ACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA EngineVersion=5.1.14393.1944 RunspaceId=26352c11-d09f-4bae-a093-d9da62abc7b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1725	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:07:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=225ca431-0378-4ff2-b94c-e13a64c4fae1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBzAHQAYQBiAGwAZQAvAHcAYQBsAGwAYQBiAHkALwBaADIANgA2ADEAOAA0AGEAMABjADIANQA0ADQAYQBjADYAYQBhADQAZgBhADgANAAyAGUAMQAxADgAMgA0AGIAZQAgAC0ALQB6AHUAdQBsAC0AdQByAGwAIABoAHQAdABwADoALwAvADEAMAAuADEAMAA2AC4AMQAuADMAOQAvAHAAIAAtAC0AegB1AHUAbAAtAGIAcgBhAG4AYwBoACAAcwB0AGEAYgBsAGUALwB3AGEAbABsAGEAYgB5ACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA EngineVersion=5.1.14393.1944 RunspaceId=26352c11-d09f-4bae-a093-d9da62abc7b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1724	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:02:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=225ca431-0378-4ff2-b94c-e13a64c4fae1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBzAHQAYQBiAGwAZQAvAHcAYQBsAGwAYQBiAHkALwBaADIANgA2ADEAOAA0AGEAMABjADIANQA0ADQAYQBjADYAYQBhADQAZgBhADgANAAyAGUAMQAxADgAMgA0AGIAZQAgAC0ALQB6AHUAdQBsAC0AdQByAGwAIABoAHQAdABwADoALwAvADEAMAAuADEAMAA2AC4AMQAuADMAOQAvAHAAIAAtAC0AegB1AHUAbAAtAGIAcgBhAG4AYwBoACAAcwB0AGEAYgBsAGUALwB3AGEAbABsAGEAYgB5ACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1723	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:02:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=225ca431-0378-4ff2-b94c-e13a64c4fae1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBzAHQAYQBiAGwAZQAvAHcAYQBsAGwAYQBiAHkALwBaADIANgA2ADEAOAA0AGEAMABjADIANQA0ADQAYQBjADYAYQBhADQAZgBhADgANAAyAGUAMQAxADgAMgA0AGIAZQAgAC0ALQB6AHUAdQBsAC0AdQByAGwAIABoAHQAdABwADoALwAvADEAMAAuADEAMAA2AC4AMQAuADMAOQAvAHAAIAAtAC0AegB1AHUAbAAtAGIAcgBhAG4AYwBoACAAcwB0AGEAYgBsAGUALwB3AGEAbABsAGEAYgB5ACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1722	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:02:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=225ca431-0378-4ff2-b94c-e13a64c4fae1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBzAHQAYQBiAGwAZQAvAHcAYQBsAGwAYQBiAHkALwBaADIANgA2ADEAOAA0AGEAMABjADIANQA0ADQAYQBjADYAYQBhADQAZgBhADgANAAyAGUAMQAxADgAMgA0AGIAZQAgAC0ALQB6AHUAdQBsAC0AdQByAGwAIABoAHQAdABwADoALwAvADEAMAAuADEAMAA2AC4AMQAuADMAOQAvAHAAIAAtAC0AegB1AHUAbAAtAGIAcgBhAG4AYwBoACAAcwB0AGEAYgBsAGUALwB3AGEAbABsAGEAYgB5ACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1721	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:02:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=225ca431-0378-4ff2-b94c-e13a64c4fae1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBzAHQAYQBiAGwAZQAvAHcAYQBsAGwAYQBiAHkALwBaADIANgA2ADEAOAA0AGEAMABjADIANQA0ADQAYQBjADYAYQBhADQAZgBhADgANAAyAGUAMQAxADgAMgA0AGIAZQAgAC0ALQB6AHUAdQBsAC0AdQByAGwAIABoAHQAdABwADoALwAvADEAMAAuADEAMAA2AC4AMQAuADMAOQAvAHAAIAAtAC0AegB1AHUAbAAtAGIAcgBhAG4AYwBoACAAcwB0AGEAYgBsAGUALwB3AGEAbABsAGEAYgB5ACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1720	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:02:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=225ca431-0378-4ff2-b94c-e13a64c4fae1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBzAHQAYQBiAGwAZQAvAHcAYQBsAGwAYQBiAHkALwBaADIANgA2ADEAOAA0AGEAMABjADIANQA0ADQAYQBjADYAYQBhADQAZgBhADgANAAyAGUAMQAxADgAMgA0AGIAZQAgAC0ALQB6AHUAdQBsAC0AdQByAGwAIABoAHQAdABwADoALwAvADEAMAAuADEAMAA2AC4AMQAuADMAOQAvAHAAIAAtAC0AegB1AHUAbAAtAGIAcgBhAG4AYwBoACAAcwB0AGEAYgBsAGUALwB3AGEAbABsAGEAYgB5ACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1719	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:02:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=225ca431-0378-4ff2-b94c-e13a64c4fae1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBzAHQAYQBiAGwAZQAvAHcAYQBsAGwAYQBiAHkALwBaADIANgA2ADEAOAA0AGEAMABjADIANQA0ADQAYQBjADYAYQBhADQAZgBhADgANAAyAGUAMQAxADgAMgA0AGIAZQAgAC0ALQB6AHUAdQBsAC0AdQByAGwAIABoAHQAdABwADoALwAvADEAMAAuADEAMAA2AC4AMQAuADMAOQAvAHAAIAAtAC0AegB1AHUAbAAtAGIAcgBhAG4AYwBoACAAcwB0AGEAYgBsAGUALwB3AGEAbABsAGEAYgB5ACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1718	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:02:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e90e955-d093-4dd0-bb92-90bdba6c8b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3bcdf19c-9a24-4bc4-82ed-e8ea92fc7834 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1717	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:02:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e90e955-d093-4dd0-bb92-90bdba6c8b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3bcdf19c-9a24-4bc4-82ed-e8ea92fc7834 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1716	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e90e955-d093-4dd0-bb92-90bdba6c8b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1715	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e90e955-d093-4dd0-bb92-90bdba6c8b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1714	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e90e955-d093-4dd0-bb92-90bdba6c8b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1713	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e90e955-d093-4dd0-bb92-90bdba6c8b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1712	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e90e955-d093-4dd0-bb92-90bdba6c8b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1711	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e90e955-d093-4dd0-bb92-90bdba6c8b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1710	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e90e955-d093-4dd0-bb92-90bdba6c8b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1709	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e90e955-d093-4dd0-bb92-90bdba6c8b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1708	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=564ff547-d00a-445a-ba0c-ac748a0667d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c2f1f552-62b2-4ba5-8c76-9a97f63a87b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1707	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=564ff547-d00a-445a-ba0c-ac748a0667d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1706	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=564ff547-d00a-445a-ba0c-ac748a0667d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1705	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=564ff547-d00a-445a-ba0c-ac748a0667d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1704	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=564ff547-d00a-445a-ba0c-ac748a0667d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1703	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=564ff547-d00a-445a-ba0c-ac748a0667d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1702	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=564ff547-d00a-445a-ba0c-ac748a0667d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1701	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e1484bf-9a0f-491a-8765-74c164bf8518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAzAEEARABFAEEATgBBAEEAdQBBAEQAawBBAE4AQQBBAHQAQQBEAEkAQQBNAHcAQQAwAEEARABJAEEATQBRAEEAMgBBAEQAQQBBAE8AUQBBAHcAQQBEAFkAQQBPAFEAQQB4AEEARABrAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=79944aeb-8ac3-445d-a267-e853c74b6373 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1700	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=569e8f36-00a7-4343-bd22-499fcc0a4a7f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=3bc8b301-e4cb-4f37-9ea6-edd3bd9eaa03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1699	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=569e8f36-00a7-4343-bd22-499fcc0a4a7f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=3bc8b301-e4cb-4f37-9ea6-edd3bd9eaa03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1698	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=569e8f36-00a7-4343-bd22-499fcc0a4a7f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1697	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=569e8f36-00a7-4343-bd22-499fcc0a4a7f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1696	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=569e8f36-00a7-4343-bd22-499fcc0a4a7f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1695	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=569e8f36-00a7-4343-bd22-499fcc0a4a7f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1694	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=569e8f36-00a7-4343-bd22-499fcc0a4a7f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1693	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=569e8f36-00a7-4343-bd22-499fcc0a4a7f HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1692	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e1484bf-9a0f-491a-8765-74c164bf8518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAzAEEARABFAEEATgBBAEEAdQBBAEQAawBBAE4AQQBBAHQAQQBEAEkAQQBNAHcAQQAwAEEARABJAEEATQBRAEEAMgBBAEQAQQBBAE8AUQBBAHcAQQBEAFkAQQBPAFEAQQB4AEEARABrAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=79944aeb-8ac3-445d-a267-e853c74b6373 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1691	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e1484bf-9a0f-491a-8765-74c164bf8518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAzAEEARABFAEEATgBBAEEAdQBBAEQAawBBAE4AQQBBAHQAQQBEAEkAQQBNAHcAQQAwAEEARABJAEEATQBRAEEAMgBBAEQAQQBBAE8AUQBBAHcAQQBEAFkAQQBPAFEAQQB4AEEARABrAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1690	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e1484bf-9a0f-491a-8765-74c164bf8518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAzAEEARABFAEEATgBBAEEAdQBBAEQAawBBAE4AQQBBAHQAQQBEAEkAQQBNAHcAQQAwAEEARABJAEEATQBRAEEAMgBBAEQAQQBBAE8AUQBBAHcAQQBEAFkAQQBPAFEAQQB4AEEARABrAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1689	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e1484bf-9a0f-491a-8765-74c164bf8518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAzAEEARABFAEEATgBBAEEAdQBBAEQAawBBAE4AQQBBAHQAQQBEAEkAQQBNAHcAQQAwAEEARABJAEEATQBRAEEAMgBBAEQAQQBBAE8AUQBBAHcAQQBEAFkAQQBPAFEAQQB4AEEARABrAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1688	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e1484bf-9a0f-491a-8765-74c164bf8518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAzAEEARABFAEEATgBBAEEAdQBBAEQAawBBAE4AQQBBAHQAQQBEAEkAQQBNAHcAQQAwAEEARABJAEEATQBRAEEAMgBBAEQAQQBBAE8AUQBBAHcAQQBEAFkAQQBPAFEAQQB4AEEARABrAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1687	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e1484bf-9a0f-491a-8765-74c164bf8518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAzAEEARABFAEEATgBBAEEAdQBBAEQAawBBAE4AQQBBAHQAQQBEAEkAQQBNAHcAQQAwAEEARABJAEEATQBRAEEAMgBBAEQAQQBBAE8AUQBBAHcAQQBEAFkAQQBPAFEAQQB4AEEARABrAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1686	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5e1484bf-9a0f-491a-8765-74c164bf8518 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAzAEEARABFAEEATgBBAEEAdQBBAEQAawBBAE4AQQBBAHQAQQBEAEkAQQBNAHcAQQAwAEEARABJAEEATQBRAEEAMgBBAEQAQQBBAE8AUQBBAHcAQQBEAFkAQQBPAFEAQQB4AEEARABrAEEATQB3AEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1685	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfb8dfaa-4cb0-46de-94bb-689da33e1c0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=43cddf71-3c8c-427a-8b8b-04a6e1c52e72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1684	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dbb820ec-580f-4ed3-9ebc-18e29ada5d9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4f59f9a4-95ac-4b0f-a815-f1e47f2e89c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1683	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dbb820ec-580f-4ed3-9ebc-18e29ada5d9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1682	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dbb820ec-580f-4ed3-9ebc-18e29ada5d9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1681	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dbb820ec-580f-4ed3-9ebc-18e29ada5d9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1680	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dbb820ec-580f-4ed3-9ebc-18e29ada5d9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1679	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dbb820ec-580f-4ed3-9ebc-18e29ada5d9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1678	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dbb820ec-580f-4ed3-9ebc-18e29ada5d9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1677	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dbb820ec-580f-4ed3-9ebc-18e29ada5d9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1676	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dbb820ec-580f-4ed3-9ebc-18e29ada5d9c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1675	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfb8dfaa-4cb0-46de-94bb-689da33e1c0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=43cddf71-3c8c-427a-8b8b-04a6e1c52e72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1674	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfb8dfaa-4cb0-46de-94bb-689da33e1c0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1673	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfb8dfaa-4cb0-46de-94bb-689da33e1c0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1672	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfb8dfaa-4cb0-46de-94bb-689da33e1c0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1671	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfb8dfaa-4cb0-46de-94bb-689da33e1c0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1670	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfb8dfaa-4cb0-46de-94bb-689da33e1c0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1669	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bfb8dfaa-4cb0-46de-94bb-689da33e1c0d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1668	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fd5955-2b63-4cd3-a908-b10b34437f2f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=a53993f9-522f-4cc9-8d85-d822039681f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1667	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fd5955-2b63-4cd3-a908-b10b34437f2f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=a53993f9-522f-4cc9-8d85-d822039681f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1666	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fd5955-2b63-4cd3-a908-b10b34437f2f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1665	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fd5955-2b63-4cd3-a908-b10b34437f2f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1664	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fd5955-2b63-4cd3-a908-b10b34437f2f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1663	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fd5955-2b63-4cd3-a908-b10b34437f2f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1662	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fd5955-2b63-4cd3-a908-b10b34437f2f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1661	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fd5955-2b63-4cd3-a908-b10b34437f2f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA3ADEANAAuADkANAAtADIAMwA0ADIAMQA2ADAAOQAwADYAOQAxADkAMwA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1660	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=57adae3a-f9b0-4824-a6fc-04a1a471f805 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAGMAQQBNAFEAQQAwAEEAQwA0AEEATwBRAEEAMABBAEMAMABBAE0AZwBBAHoAQQBEAFEAQQBNAGcAQQB4AEEARABZAEEATQBBAEEANQBBAEQAQQBBAE4AZwBBADUAQQBEAEUAQQBPAFEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=e52cba3f-8669-4a7f-ba5d-08a07114fb10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1659	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa0a840-1026-4fa5-b484-10646509b279 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADcAMQA0AC4AOQA0AC0AMgAzADQAMgAxADYAMAA5ADAANgA5ADEAOQAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=e0aa60c8-48ba-4555-9d6a-f57087609c49 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1658	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa0a840-1026-4fa5-b484-10646509b279 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADcAMQA0AC4AOQA0AC0AMgAzADQAMgAxADYAMAA5ADAANgA5ADEAOQAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=e0aa60c8-48ba-4555-9d6a-f57087609c49 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1657	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa0a840-1026-4fa5-b484-10646509b279 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADcAMQA0AC4AOQA0AC0AMgAzADQAMgAxADYAMAA5ADAANgA5ADEAOQAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1656	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa0a840-1026-4fa5-b484-10646509b279 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADcAMQA0AC4AOQA0AC0AMgAzADQAMgAxADYAMAA5ADAANgA5ADEAOQAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1655	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa0a840-1026-4fa5-b484-10646509b279 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADcAMQA0AC4AOQA0AC0AMgAzADQAMgAxADYAMAA5ADAANgA5ADEAOQAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1654	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa0a840-1026-4fa5-b484-10646509b279 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADcAMQA0AC4AOQA0AC0AMgAzADQAMgAxADYAMAA5ADAANgA5ADEAOQAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1653	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa0a840-1026-4fa5-b484-10646509b279 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADcAMQA0AC4AOQA0AC0AMgAzADQAMgAxADYAMAA5ADAANgA5ADEAOQAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1652	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=eaa0a840-1026-4fa5-b484-10646509b279 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADcAMQA0AC4AOQA0AC0AMgAzADQAMgAxADYAMAA5ADAANgA5ADEAOQAzADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1651	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=57adae3a-f9b0-4824-a6fc-04a1a471f805 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAGMAQQBNAFEAQQAwAEEAQwA0AEEATwBRAEEAMABBAEMAMABBAE0AZwBBAHoAQQBEAFEAQQBNAGcAQQB4AEEARABZAEEATQBBAEEANQBBAEQAQQBBAE4AZwBBADUAQQBEAEUAQQBPAFEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=e52cba3f-8669-4a7f-ba5d-08a07114fb10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1650	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=57adae3a-f9b0-4824-a6fc-04a1a471f805 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAGMAQQBNAFEAQQAwAEEAQwA0AEEATwBRAEEAMABBAEMAMABBAE0AZwBBAHoAQQBEAFEAQQBNAGcAQQB4AEEARABZAEEATQBBAEEANQBBAEQAQQBBAE4AZwBBADUAQQBEAEUAQQBPAFEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1649	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=57adae3a-f9b0-4824-a6fc-04a1a471f805 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAGMAQQBNAFEAQQAwAEEAQwA0AEEATwBRAEEAMABBAEMAMABBAE0AZwBBAHoAQQBEAFEAQQBNAGcAQQB4AEEARABZAEEATQBBAEEANQBBAEQAQQBBAE4AZwBBADUAQQBEAEUAQQBPAFEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1648	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=57adae3a-f9b0-4824-a6fc-04a1a471f805 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAGMAQQBNAFEAQQAwAEEAQwA0AEEATwBRAEEAMABBAEMAMABBAE0AZwBBAHoAQQBEAFEAQQBNAGcAQQB4AEEARABZAEEATQBBAEEANQBBAEQAQQBBAE4AZwBBADUAQQBEAEUAQQBPAFEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1647	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=57adae3a-f9b0-4824-a6fc-04a1a471f805 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAGMAQQBNAFEAQQAwAEEAQwA0AEEATwBRAEEAMABBAEMAMABBAE0AZwBBAHoAQQBEAFEAQQBNAGcAQQB4AEEARABZAEEATQBBAEEANQBBAEQAQQBBAE4AZwBBADUAQQBEAEUAQQBPAFEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1646	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=57adae3a-f9b0-4824-a6fc-04a1a471f805 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAGMAQQBNAFEAQQAwAEEAQwA0AEEATwBRAEEAMABBAEMAMABBAE0AZwBBAHoAQQBEAFEAQQBNAGcAQQB4AEEARABZAEEATQBBAEEANQBBAEQAQQBBAE4AZwBBADUAQQBEAEUAQQBPAFEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1645	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=57adae3a-f9b0-4824-a6fc-04a1a471f805 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAGMAQQBNAFEAQQAwAEEAQwA0AEEATwBRAEEAMABBAEMAMABBAE0AZwBBAHoAQQBEAFEAQQBNAGcAQQB4AEEARABZAEEATQBBAEEANQBBAEQAQQBBAE4AZwBBADUAQQBEAEUAQQBPAFEAQQB6AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1644	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a58a9135-00a6-4620-905c-9c7514398169 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=79e8f161-cf79-4802-b52b-4db2396f7d35 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1643	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b587c672-57de-4258-8c38-dc2ca30d6be0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c0589c84-a03b-4b40-9775-dc08a963904d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1642	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b587c672-57de-4258-8c38-dc2ca30d6be0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1641	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b587c672-57de-4258-8c38-dc2ca30d6be0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1640	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b587c672-57de-4258-8c38-dc2ca30d6be0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1639	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b587c672-57de-4258-8c38-dc2ca30d6be0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1638	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b587c672-57de-4258-8c38-dc2ca30d6be0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1637	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b587c672-57de-4258-8c38-dc2ca30d6be0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1636	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b587c672-57de-4258-8c38-dc2ca30d6be0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1635	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b587c672-57de-4258-8c38-dc2ca30d6be0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1634	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a58a9135-00a6-4620-905c-9c7514398169 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=79e8f161-cf79-4802-b52b-4db2396f7d35 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1633	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a58a9135-00a6-4620-905c-9c7514398169 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1632	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a58a9135-00a6-4620-905c-9c7514398169 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1631	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a58a9135-00a6-4620-905c-9c7514398169 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1630	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a58a9135-00a6-4620-905c-9c7514398169 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1629	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a58a9135-00a6-4620-905c-9c7514398169 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1628	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a58a9135-00a6-4620-905c-9c7514398169 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1627	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ffc92e0d-a505-4ffd-84f6-d785a2c34b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=18e36b35-8cca-43f6-a9d5-8720e200cdae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1626	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=182f7de1-3499-4103-863c-c99881f2ada7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=58e4ff7d-1146-4088-bb18-36a2e51bc4fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1625	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=182f7de1-3499-4103-863c-c99881f2ada7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1624	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=182f7de1-3499-4103-863c-c99881f2ada7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1623	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=182f7de1-3499-4103-863c-c99881f2ada7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1622	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=182f7de1-3499-4103-863c-c99881f2ada7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1621	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=182f7de1-3499-4103-863c-c99881f2ada7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1620	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=182f7de1-3499-4103-863c-c99881f2ada7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1619	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=182f7de1-3499-4103-863c-c99881f2ada7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1618	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=182f7de1-3499-4103-863c-c99881f2ada7 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1617	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ffc92e0d-a505-4ffd-84f6-d785a2c34b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=18e36b35-8cca-43f6-a9d5-8720e200cdae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1616	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ffc92e0d-a505-4ffd-84f6-d785a2c34b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1615	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ffc92e0d-a505-4ffd-84f6-d785a2c34b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1614	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ffc92e0d-a505-4ffd-84f6-d785a2c34b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1613	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ffc92e0d-a505-4ffd-84f6-d785a2c34b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1612	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ffc92e0d-a505-4ffd-84f6-d785a2c34b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1611	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ffc92e0d-a505-4ffd-84f6-d785a2c34b8d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1610	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5846888-1ad7-49ed-85f4-8eba91c4de16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=97f79ec3-abaf-4afd-aa38-d958897b1a46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1609	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:01:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=1056523b-e7f6-43a7-b7db-2c3c21bcdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a61c4b78-d264-4386-bb56-e66be5ef5b22 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"	800		0	4	8		36028797018963968	1608	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1056523b-e7f6-43a7-b7db-2c3c21bcdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a61c4b78-d264-4386-bb56-e66be5ef5b22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1607	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1056523b-e7f6-43a7-b7db-2c3c21bcdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1606	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1056523b-e7f6-43a7-b7db-2c3c21bcdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1605	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1056523b-e7f6-43a7-b7db-2c3c21bcdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1604	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1056523b-e7f6-43a7-b7db-2c3c21bcdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1603	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1056523b-e7f6-43a7-b7db-2c3c21bcdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1602	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1056523b-e7f6-43a7-b7db-2c3c21bcdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1601	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1056523b-e7f6-43a7-b7db-2c3c21bcdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1600	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1056523b-e7f6-43a7-b7db-2c3c21bcdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1599	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5846888-1ad7-49ed-85f4-8eba91c4de16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=97f79ec3-abaf-4afd-aa38-d958897b1a46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1598	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5846888-1ad7-49ed-85f4-8eba91c4de16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1597	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5846888-1ad7-49ed-85f4-8eba91c4de16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1596	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5846888-1ad7-49ed-85f4-8eba91c4de16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1595	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5846888-1ad7-49ed-85f4-8eba91c4de16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1594	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5846888-1ad7-49ed-85f4-8eba91c4de16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1593	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5846888-1ad7-49ed-85f4-8eba91c4de16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1592	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=279dba65-7b37-4986-ac4c-f9868036fe7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=70c59273-283a-4348-a9cd-28bd0bc6f1cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1591	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3d3a7c-c051-447e-b3c6-d640d8b36921 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7698d570-1835-4134-b44a-9a42ab6069c6 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1590	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3d3a7c-c051-447e-b3c6-d640d8b36921 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7698d570-1835-4134-b44a-9a42ab6069c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1589	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3d3a7c-c051-447e-b3c6-d640d8b36921 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1588	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3d3a7c-c051-447e-b3c6-d640d8b36921 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1587	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3d3a7c-c051-447e-b3c6-d640d8b36921 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1586	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3d3a7c-c051-447e-b3c6-d640d8b36921 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1585	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3d3a7c-c051-447e-b3c6-d640d8b36921 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1584	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3d3a7c-c051-447e-b3c6-d640d8b36921 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1583	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3d3a7c-c051-447e-b3c6-d640d8b36921 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1582	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=da3d3a7c-c051-447e-b3c6-d640d8b36921 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1581	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=279dba65-7b37-4986-ac4c-f9868036fe7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=70c59273-283a-4348-a9cd-28bd0bc6f1cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1580	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=279dba65-7b37-4986-ac4c-f9868036fe7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1579	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=279dba65-7b37-4986-ac4c-f9868036fe7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1578	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=279dba65-7b37-4986-ac4c-f9868036fe7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1577	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=279dba65-7b37-4986-ac4c-f9868036fe7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1576	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=279dba65-7b37-4986-ac4c-f9868036fe7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1575	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=279dba65-7b37-4986-ac4c-f9868036fe7f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1574	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42ef8c0e-e589-4788-9ba0-c14d50d7da6f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3a1aafa9-c672-4825-b6a0-60e2f3a74b3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1573	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0773df61-ac2a-427f-9123-c4d82e53b3f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b57e07f5-5e69-40b6-b9fa-8355093ee4c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1572	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0773df61-ac2a-427f-9123-c4d82e53b3f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1571	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0773df61-ac2a-427f-9123-c4d82e53b3f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1570	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0773df61-ac2a-427f-9123-c4d82e53b3f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1569	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0773df61-ac2a-427f-9123-c4d82e53b3f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1568	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0773df61-ac2a-427f-9123-c4d82e53b3f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1567	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0773df61-ac2a-427f-9123-c4d82e53b3f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1566	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0773df61-ac2a-427f-9123-c4d82e53b3f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1565	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0773df61-ac2a-427f-9123-c4d82e53b3f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1564	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42ef8c0e-e589-4788-9ba0-c14d50d7da6f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3a1aafa9-c672-4825-b6a0-60e2f3a74b3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1563	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42ef8c0e-e589-4788-9ba0-c14d50d7da6f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1562	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42ef8c0e-e589-4788-9ba0-c14d50d7da6f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1561	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42ef8c0e-e589-4788-9ba0-c14d50d7da6f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1560	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42ef8c0e-e589-4788-9ba0-c14d50d7da6f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1559	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42ef8c0e-e589-4788-9ba0-c14d50d7da6f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1558	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42ef8c0e-e589-4788-9ba0-c14d50d7da6f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1557	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=00aa6ad1-be52-4733-b9d4-f857356d9139 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5b096d8a-0665-4dd2-8f5c-8acf13eb0cfd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1556	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a92f73e4-64a3-4db7-be20-144158eeedb1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion=5.1.14393.1944 RunspaceId=b95fbd2c-3daf-4eb0-b705-cf6d5587cbdc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1555	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a92f73e4-64a3-4db7-be20-144158eeedb1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion=5.1.14393.1944 RunspaceId=b95fbd2c-3daf-4eb0-b705-cf6d5587cbdc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1554	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a92f73e4-64a3-4db7-be20-144158eeedb1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1553	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a92f73e4-64a3-4db7-be20-144158eeedb1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1552	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a92f73e4-64a3-4db7-be20-144158eeedb1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1551	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a92f73e4-64a3-4db7-be20-144158eeedb1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1550	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a92f73e4-64a3-4db7-be20-144158eeedb1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1549	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a92f73e4-64a3-4db7-be20-144158eeedb1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1548	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=7699d5b4-f973-4bbc-b274-0180fcadb11d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ac2bc821-b615-4847-bfc7-551a4ec1c20a PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1547	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7699d5b4-f973-4bbc-b274-0180fcadb11d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ac2bc821-b615-4847-bfc7-551a4ec1c20a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1546	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7699d5b4-f973-4bbc-b274-0180fcadb11d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1545	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7699d5b4-f973-4bbc-b274-0180fcadb11d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1544	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7699d5b4-f973-4bbc-b274-0180fcadb11d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1543	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7699d5b4-f973-4bbc-b274-0180fcadb11d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1542	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7699d5b4-f973-4bbc-b274-0180fcadb11d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1541	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7699d5b4-f973-4bbc-b274-0180fcadb11d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1540	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7699d5b4-f973-4bbc-b274-0180fcadb11d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1539	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=7699d5b4-f973-4bbc-b274-0180fcadb11d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1538	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=00aa6ad1-be52-4733-b9d4-f857356d9139 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5b096d8a-0665-4dd2-8f5c-8acf13eb0cfd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1537	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=00aa6ad1-be52-4733-b9d4-f857356d9139 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1536	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=00aa6ad1-be52-4733-b9d4-f857356d9139 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1535	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=00aa6ad1-be52-4733-b9d4-f857356d9139 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1534	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=00aa6ad1-be52-4733-b9d4-f857356d9139 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1533	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=00aa6ad1-be52-4733-b9d4-f857356d9139 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1532	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=00aa6ad1-be52-4733-b9d4-f857356d9139 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1531	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56800b56-4466-499e-860a-a1273c3b3a56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3935cd5e-416c-4366-aa13-3747dd779dbc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1530	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=141bead4-614f-4bb5-92a1-948696671f46 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion=5.1.14393.1944 RunspaceId=985b363d-d2c4-467c-952b-d9daaad0e0b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1529	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=141bead4-614f-4bb5-92a1-948696671f46 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion=5.1.14393.1944 RunspaceId=985b363d-d2c4-467c-952b-d9daaad0e0b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1528	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=141bead4-614f-4bb5-92a1-948696671f46 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1527	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=141bead4-614f-4bb5-92a1-948696671f46 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1526	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=141bead4-614f-4bb5-92a1-948696671f46 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1525	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=141bead4-614f-4bb5-92a1-948696671f46 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1524	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=141bead4-614f-4bb5-92a1-948696671f46 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1523	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=141bead4-614f-4bb5-92a1-948696671f46 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1522	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 5:00:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f2b5dc8-eb80-481a-9dd1-012b044fda18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=288469b6-18fa-4135-9a49-e7f69441b1e8 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1521	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f2b5dc8-eb80-481a-9dd1-012b044fda18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=288469b6-18fa-4135-9a49-e7f69441b1e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1520	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f2b5dc8-eb80-481a-9dd1-012b044fda18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1519	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f2b5dc8-eb80-481a-9dd1-012b044fda18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1518	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f2b5dc8-eb80-481a-9dd1-012b044fda18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1517	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f2b5dc8-eb80-481a-9dd1-012b044fda18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1516	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f2b5dc8-eb80-481a-9dd1-012b044fda18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1515	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f2b5dc8-eb80-481a-9dd1-012b044fda18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1514	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f2b5dc8-eb80-481a-9dd1-012b044fda18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1513	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6f2b5dc8-eb80-481a-9dd1-012b044fda18 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1512	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56800b56-4466-499e-860a-a1273c3b3a56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3935cd5e-416c-4366-aa13-3747dd779dbc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1511	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56800b56-4466-499e-860a-a1273c3b3a56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1510	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56800b56-4466-499e-860a-a1273c3b3a56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1509	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56800b56-4466-499e-860a-a1273c3b3a56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1508	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56800b56-4466-499e-860a-a1273c3b3a56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1507	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56800b56-4466-499e-860a-a1273c3b3a56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1506	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56800b56-4466-499e-860a-a1273c3b3a56 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1505	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=598a61df-7fa3-4a76-8fa3-3cbaf8e37e21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f0870c83-300b-4730-a0d5-58b7fca72052 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1504	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7991920-ce38-4d01-84e5-41cd7964ffec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c9893d76-e0ec-4816-9a01-2079ec13090f PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"	800		0	4	8		36028797018963968	1503	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7991920-ce38-4d01-84e5-41cd7964ffec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c9893d76-e0ec-4816-9a01-2079ec13090f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1502	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7991920-ce38-4d01-84e5-41cd7964ffec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1501	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7991920-ce38-4d01-84e5-41cd7964ffec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1500	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7991920-ce38-4d01-84e5-41cd7964ffec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1499	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7991920-ce38-4d01-84e5-41cd7964ffec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1498	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7991920-ce38-4d01-84e5-41cd7964ffec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1497	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7991920-ce38-4d01-84e5-41cd7964ffec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1496	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7991920-ce38-4d01-84e5-41cd7964ffec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1495	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b7991920-ce38-4d01-84e5-41cd7964ffec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1494	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=598a61df-7fa3-4a76-8fa3-3cbaf8e37e21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f0870c83-300b-4730-a0d5-58b7fca72052 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1493	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=598a61df-7fa3-4a76-8fa3-3cbaf8e37e21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1492	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=598a61df-7fa3-4a76-8fa3-3cbaf8e37e21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1491	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=598a61df-7fa3-4a76-8fa3-3cbaf8e37e21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1490	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=598a61df-7fa3-4a76-8fa3-3cbaf8e37e21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1489	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=598a61df-7fa3-4a76-8fa3-3cbaf8e37e21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1488	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=598a61df-7fa3-4a76-8fa3-3cbaf8e37e21 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1487	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2eb526fa-0aff-408a-b01a-37933594be37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9376a550-0639-4904-88e3-2e382a7fa161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1486	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=1a307c0c-42b8-4de7-8112-1873e8d1f045 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4de59c00-7f2e-4e25-87b9-437d14d71c05 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1485	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1a307c0c-42b8-4de7-8112-1873e8d1f045 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4de59c00-7f2e-4e25-87b9-437d14d71c05 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1484	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1a307c0c-42b8-4de7-8112-1873e8d1f045 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1483	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1a307c0c-42b8-4de7-8112-1873e8d1f045 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1482	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1a307c0c-42b8-4de7-8112-1873e8d1f045 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1481	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1a307c0c-42b8-4de7-8112-1873e8d1f045 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1480	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1a307c0c-42b8-4de7-8112-1873e8d1f045 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1479	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1a307c0c-42b8-4de7-8112-1873e8d1f045 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1478	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1a307c0c-42b8-4de7-8112-1873e8d1f045 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1477	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1a307c0c-42b8-4de7-8112-1873e8d1f045 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1476	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2eb526fa-0aff-408a-b01a-37933594be37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9376a550-0639-4904-88e3-2e382a7fa161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1475	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2eb526fa-0aff-408a-b01a-37933594be37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1474	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2eb526fa-0aff-408a-b01a-37933594be37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1473	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2eb526fa-0aff-408a-b01a-37933594be37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1472	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2eb526fa-0aff-408a-b01a-37933594be37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1471	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2eb526fa-0aff-408a-b01a-37933594be37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1470	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2eb526fa-0aff-408a-b01a-37933594be37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1469	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ece58e-e96d-4424-a158-36834f519e37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b59d4d3e-d4a5-4952-ad17-3a7570983445 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1468	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d07c3ea9-7fde-42af-8d9b-cadb25eacb16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3e9ed559-19ae-4be3-ab00-18c1192447e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1467	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d07c3ea9-7fde-42af-8d9b-cadb25eacb16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1466	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d07c3ea9-7fde-42af-8d9b-cadb25eacb16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1465	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d07c3ea9-7fde-42af-8d9b-cadb25eacb16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1464	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d07c3ea9-7fde-42af-8d9b-cadb25eacb16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1463	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d07c3ea9-7fde-42af-8d9b-cadb25eacb16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1462	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d07c3ea9-7fde-42af-8d9b-cadb25eacb16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1461	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d07c3ea9-7fde-42af-8d9b-cadb25eacb16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1460	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d07c3ea9-7fde-42af-8d9b-cadb25eacb16 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1459	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ece58e-e96d-4424-a158-36834f519e37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b59d4d3e-d4a5-4952-ad17-3a7570983445 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1458	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ece58e-e96d-4424-a158-36834f519e37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1457	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ece58e-e96d-4424-a158-36834f519e37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1456	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ece58e-e96d-4424-a158-36834f519e37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1455	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ece58e-e96d-4424-a158-36834f519e37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1454	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ece58e-e96d-4424-a158-36834f519e37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1453	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c9ece58e-e96d-4424-a158-36834f519e37 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1452	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babbd00a-cb6f-4473-90fa-2dc8d8d79737 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bd0251e1-0e33-4802-833b-1483cb807492 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1451	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bdd8f2-11a6-4d10-a1c3-3251b833418a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion=5.1.14393.1944 RunspaceId=0a6b58b9-e6f7-453d-a21e-e09158982e31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1450	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bdd8f2-11a6-4d10-a1c3-3251b833418a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion=5.1.14393.1944 RunspaceId=0a6b58b9-e6f7-453d-a21e-e09158982e31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1449	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bdd8f2-11a6-4d10-a1c3-3251b833418a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1448	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bdd8f2-11a6-4d10-a1c3-3251b833418a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1447	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bdd8f2-11a6-4d10-a1c3-3251b833418a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1446	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bdd8f2-11a6-4d10-a1c3-3251b833418a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1445	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bdd8f2-11a6-4d10-a1c3-3251b833418a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1444	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=56bdd8f2-11a6-4d10-a1c3-3251b833418a HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1443	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=6d6aede2-f6f3-44ac-9ba9-8de705bb8e6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=59c1e95c-b1af-447a-a672-a29aa9307489 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1442	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6d6aede2-f6f3-44ac-9ba9-8de705bb8e6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=59c1e95c-b1af-447a-a672-a29aa9307489 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1441	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6d6aede2-f6f3-44ac-9ba9-8de705bb8e6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1440	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6d6aede2-f6f3-44ac-9ba9-8de705bb8e6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1439	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6d6aede2-f6f3-44ac-9ba9-8de705bb8e6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1438	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6d6aede2-f6f3-44ac-9ba9-8de705bb8e6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1437	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6d6aede2-f6f3-44ac-9ba9-8de705bb8e6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1436	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6d6aede2-f6f3-44ac-9ba9-8de705bb8e6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1435	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6d6aede2-f6f3-44ac-9ba9-8de705bb8e6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1434	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=6d6aede2-f6f3-44ac-9ba9-8de705bb8e6e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1433	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babbd00a-cb6f-4473-90fa-2dc8d8d79737 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bd0251e1-0e33-4802-833b-1483cb807492 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1432	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babbd00a-cb6f-4473-90fa-2dc8d8d79737 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1431	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babbd00a-cb6f-4473-90fa-2dc8d8d79737 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1430	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babbd00a-cb6f-4473-90fa-2dc8d8d79737 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1429	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babbd00a-cb6f-4473-90fa-2dc8d8d79737 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1428	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babbd00a-cb6f-4473-90fa-2dc8d8d79737 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1427	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=babbd00a-cb6f-4473-90fa-2dc8d8d79737 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1426	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=063d9fe2-1961-4ecf-8db8-3ffa10bcbde8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a4a78ed6-aa78-4238-9c16-7f6749451601 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1425	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=2aecdcd8-b448-4ea2-8150-e0434035cff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40aa6265-a826-4325-9bcc-fae41c7339a6 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1424	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2aecdcd8-b448-4ea2-8150-e0434035cff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40aa6265-a826-4325-9bcc-fae41c7339a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1423	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2aecdcd8-b448-4ea2-8150-e0434035cff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1422	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2aecdcd8-b448-4ea2-8150-e0434035cff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1421	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2aecdcd8-b448-4ea2-8150-e0434035cff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1420	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2aecdcd8-b448-4ea2-8150-e0434035cff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1419	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2aecdcd8-b448-4ea2-8150-e0434035cff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1418	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2aecdcd8-b448-4ea2-8150-e0434035cff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1417	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2aecdcd8-b448-4ea2-8150-e0434035cff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1416	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2aecdcd8-b448-4ea2-8150-e0434035cff8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1415	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=063d9fe2-1961-4ecf-8db8-3ffa10bcbde8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a4a78ed6-aa78-4238-9c16-7f6749451601 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1414	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=063d9fe2-1961-4ecf-8db8-3ffa10bcbde8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1413	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=063d9fe2-1961-4ecf-8db8-3ffa10bcbde8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1412	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=063d9fe2-1961-4ecf-8db8-3ffa10bcbde8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1411	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=063d9fe2-1961-4ecf-8db8-3ffa10bcbde8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1410	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=063d9fe2-1961-4ecf-8db8-3ffa10bcbde8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1409	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=063d9fe2-1961-4ecf-8db8-3ffa10bcbde8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1408	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=75dc0302-84e2-4a31-b2c8-a50fc1a61454 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4c017e23-2a71-4c5c-a147-3d9e9ce3b7ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1407	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0714bddd-5109-4ced-bf31-e7fc26546d06 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c0d838a5-8d0f-47b7-a418-b8c5fc11a019 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1406	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0714bddd-5109-4ced-bf31-e7fc26546d06 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1405	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0714bddd-5109-4ced-bf31-e7fc26546d06 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1404	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0714bddd-5109-4ced-bf31-e7fc26546d06 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1403	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0714bddd-5109-4ced-bf31-e7fc26546d06 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1402	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0714bddd-5109-4ced-bf31-e7fc26546d06 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1401	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0714bddd-5109-4ced-bf31-e7fc26546d06 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1400	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0714bddd-5109-4ced-bf31-e7fc26546d06 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1399	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=0714bddd-5109-4ced-bf31-e7fc26546d06 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1398	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=75dc0302-84e2-4a31-b2c8-a50fc1a61454 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4c017e23-2a71-4c5c-a147-3d9e9ce3b7ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1397	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=75dc0302-84e2-4a31-b2c8-a50fc1a61454 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1396	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=75dc0302-84e2-4a31-b2c8-a50fc1a61454 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1395	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=75dc0302-84e2-4a31-b2c8-a50fc1a61454 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1394	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=75dc0302-84e2-4a31-b2c8-a50fc1a61454 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1393	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=75dc0302-84e2-4a31-b2c8-a50fc1a61454 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1392	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=75dc0302-84e2-4a31-b2c8-a50fc1a61454 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1391	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=202fd9bb-435f-4094-bdcd-565abf728b9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=97b310dc-25d5-4914-95c8-b5d62d03f02e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1390	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81ee1925-5cfc-4463-98e6-3b606b5ed918 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion=5.1.14393.1944 RunspaceId=67650fc2-5750-4b4e-b7e0-8597d143d66b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1389	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81ee1925-5cfc-4463-98e6-3b606b5ed918 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion=5.1.14393.1944 RunspaceId=67650fc2-5750-4b4e-b7e0-8597d143d66b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1388	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81ee1925-5cfc-4463-98e6-3b606b5ed918 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1387	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81ee1925-5cfc-4463-98e6-3b606b5ed918 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1386	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81ee1925-5cfc-4463-98e6-3b606b5ed918 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1385	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81ee1925-5cfc-4463-98e6-3b606b5ed918 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1384	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81ee1925-5cfc-4463-98e6-3b606b5ed918 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1383	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=81ee1925-5cfc-4463-98e6-3b606b5ed918 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1382	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=23d0e1ef-82ce-458f-8ba0-1d0fb938e171 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a136e7be-1e51-4375-814c-fcb341b54d88 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1381	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=23d0e1ef-82ce-458f-8ba0-1d0fb938e171 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=a136e7be-1e51-4375-814c-fcb341b54d88 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1380	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=23d0e1ef-82ce-458f-8ba0-1d0fb938e171 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1379	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=23d0e1ef-82ce-458f-8ba0-1d0fb938e171 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1378	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=23d0e1ef-82ce-458f-8ba0-1d0fb938e171 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1377	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=23d0e1ef-82ce-458f-8ba0-1d0fb938e171 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1376	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=23d0e1ef-82ce-458f-8ba0-1d0fb938e171 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1375	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=23d0e1ef-82ce-458f-8ba0-1d0fb938e171 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1374	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=23d0e1ef-82ce-458f-8ba0-1d0fb938e171 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1373	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=23d0e1ef-82ce-458f-8ba0-1d0fb938e171 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1372	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=202fd9bb-435f-4094-bdcd-565abf728b9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=97b310dc-25d5-4914-95c8-b5d62d03f02e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1371	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=202fd9bb-435f-4094-bdcd-565abf728b9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1370	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=202fd9bb-435f-4094-bdcd-565abf728b9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1369	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=202fd9bb-435f-4094-bdcd-565abf728b9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1368	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=202fd9bb-435f-4094-bdcd-565abf728b9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1367	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=202fd9bb-435f-4094-bdcd-565abf728b9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1366	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=202fd9bb-435f-4094-bdcd-565abf728b9d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1365	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e133fab-e53d-47ea-9b19-aee50b0f156a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c8376b41-201c-4708-8066-41475fc485a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1364	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4abef83a-fa43-482a-a869-87def8a2cc58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d83bdd06-b84e-4f5d-b6fd-e9f1d03ee578 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1363	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4abef83a-fa43-482a-a869-87def8a2cc58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1362	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4abef83a-fa43-482a-a869-87def8a2cc58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1361	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4abef83a-fa43-482a-a869-87def8a2cc58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1360	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4abef83a-fa43-482a-a869-87def8a2cc58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1359	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4abef83a-fa43-482a-a869-87def8a2cc58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1358	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4abef83a-fa43-482a-a869-87def8a2cc58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1357	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4abef83a-fa43-482a-a869-87def8a2cc58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1356	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4abef83a-fa43-482a-a869-87def8a2cc58 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1355	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e133fab-e53d-47ea-9b19-aee50b0f156a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c8376b41-201c-4708-8066-41475fc485a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1354	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e133fab-e53d-47ea-9b19-aee50b0f156a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1353	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e133fab-e53d-47ea-9b19-aee50b0f156a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1352	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e133fab-e53d-47ea-9b19-aee50b0f156a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1351	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e133fab-e53d-47ea-9b19-aee50b0f156a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1350	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e133fab-e53d-47ea-9b19-aee50b0f156a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1349	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7e133fab-e53d-47ea-9b19-aee50b0f156a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1348	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=371aaae6-c339-443c-8d86-91927b2316f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8d9544a0-4e03-4437-9a29-a0f857ce4ed2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1347	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89a5da18-53c0-41c4-8f85-9a46304dfba3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion=5.1.14393.1944 RunspaceId=c1e85369-6060-4181-985f-f7a910c32a68 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1346	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89a5da18-53c0-41c4-8f85-9a46304dfba3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion=5.1.14393.1944 RunspaceId=c1e85369-6060-4181-985f-f7a910c32a68 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1345	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89a5da18-53c0-41c4-8f85-9a46304dfba3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1344	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89a5da18-53c0-41c4-8f85-9a46304dfba3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1343	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89a5da18-53c0-41c4-8f85-9a46304dfba3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1342	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89a5da18-53c0-41c4-8f85-9a46304dfba3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1341	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89a5da18-53c0-41c4-8f85-9a46304dfba3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1340	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=89a5da18-53c0-41c4-8f85-9a46304dfba3 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1339	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc7af0ed-a50f-46c7-a025-0d631585e289 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=303718d0-4e4d-48ec-bab9-d3926e65885d PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1338	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc7af0ed-a50f-46c7-a025-0d631585e289 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=303718d0-4e4d-48ec-bab9-d3926e65885d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1337	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc7af0ed-a50f-46c7-a025-0d631585e289 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1336	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc7af0ed-a50f-46c7-a025-0d631585e289 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1335	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc7af0ed-a50f-46c7-a025-0d631585e289 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1334	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc7af0ed-a50f-46c7-a025-0d631585e289 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1333	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc7af0ed-a50f-46c7-a025-0d631585e289 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1332	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc7af0ed-a50f-46c7-a025-0d631585e289 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1331	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc7af0ed-a50f-46c7-a025-0d631585e289 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1330	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc7af0ed-a50f-46c7-a025-0d631585e289 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1329	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=371aaae6-c339-443c-8d86-91927b2316f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8d9544a0-4e03-4437-9a29-a0f857ce4ed2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1328	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=371aaae6-c339-443c-8d86-91927b2316f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1327	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=371aaae6-c339-443c-8d86-91927b2316f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1326	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=371aaae6-c339-443c-8d86-91927b2316f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1325	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=371aaae6-c339-443c-8d86-91927b2316f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1324	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=371aaae6-c339-443c-8d86-91927b2316f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1323	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=371aaae6-c339-443c-8d86-91927b2316f3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1322	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa97b5cf-858f-48ba-ab8f-cd89a162ae74 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8b3445e4-1fae-4375-881c-7e61243f4659 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1321	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=1cc9101f-727d-4723-8b43-73ab447132c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=940fcdcf-86c0-4bb0-b5d9-bd8ff072da29 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1320	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:04 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1cc9101f-727d-4723-8b43-73ab447132c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=940fcdcf-86c0-4bb0-b5d9-bd8ff072da29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1319	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1cc9101f-727d-4723-8b43-73ab447132c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1318	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1cc9101f-727d-4723-8b43-73ab447132c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1317	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1cc9101f-727d-4723-8b43-73ab447132c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1316	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1cc9101f-727d-4723-8b43-73ab447132c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1315	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1cc9101f-727d-4723-8b43-73ab447132c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1314	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1cc9101f-727d-4723-8b43-73ab447132c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1313	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1cc9101f-727d-4723-8b43-73ab447132c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1312	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1cc9101f-727d-4723-8b43-73ab447132c5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1311	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa97b5cf-858f-48ba-ab8f-cd89a162ae74 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8b3445e4-1fae-4375-881c-7e61243f4659 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1310	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa97b5cf-858f-48ba-ab8f-cd89a162ae74 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1309	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa97b5cf-858f-48ba-ab8f-cd89a162ae74 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1308	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa97b5cf-858f-48ba-ab8f-cd89a162ae74 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1307	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa97b5cf-858f-48ba-ab8f-cd89a162ae74 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1306	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa97b5cf-858f-48ba-ab8f-cd89a162ae74 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1305	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=aa97b5cf-858f-48ba-ab8f-cd89a162ae74 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1304	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:03 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53aff291-54d5-476e-8e07-a3155e94a48a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d1615db8-acbb-45d5-9867-2cf1821f7438 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1303	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=459281e6-651c-4901-adf9-ec99fc32c0f2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9ba111a4-884d-4221-b887-583ea7757371 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1302	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=459281e6-651c-4901-adf9-ec99fc32c0f2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1301	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=459281e6-651c-4901-adf9-ec99fc32c0f2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1300	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=459281e6-651c-4901-adf9-ec99fc32c0f2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1299	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=459281e6-651c-4901-adf9-ec99fc32c0f2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1298	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=459281e6-651c-4901-adf9-ec99fc32c0f2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1297	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=459281e6-651c-4901-adf9-ec99fc32c0f2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1296	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=459281e6-651c-4901-adf9-ec99fc32c0f2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1295	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=459281e6-651c-4901-adf9-ec99fc32c0f2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1294	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53aff291-54d5-476e-8e07-a3155e94a48a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d1615db8-acbb-45d5-9867-2cf1821f7438 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1293	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53aff291-54d5-476e-8e07-a3155e94a48a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1292	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53aff291-54d5-476e-8e07-a3155e94a48a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1291	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53aff291-54d5-476e-8e07-a3155e94a48a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1290	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53aff291-54d5-476e-8e07-a3155e94a48a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1289	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53aff291-54d5-476e-8e07-a3155e94a48a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1288	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=53aff291-54d5-476e-8e07-a3155e94a48a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1287	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b9bfe1a-78ac-4d0a-a072-e22a5e264bfb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABNAEEATwBBAEEAdQBBAEQAQQBBAE4AdwBBAHQAQQBEAEkAQQBOAGcAQQAyAEEARABnAEEATQB3AEEAeABBAEQAYwBBAE4AdwBBADIAQQBEAEUAQQBOAFEAQQAyAEEARABNAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=990b5c9d-4248-4f02-bc01-b2cd2452dcd9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1286	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f53f324-257a-4104-b5bb-93b4ca1b61d4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=f3db46ca-1150-4f87-a69b-354badcbd5a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1285	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f53f324-257a-4104-b5bb-93b4ca1b61d4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=f3db46ca-1150-4f87-a69b-354badcbd5a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1284	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f53f324-257a-4104-b5bb-93b4ca1b61d4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1283	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f53f324-257a-4104-b5bb-93b4ca1b61d4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1282	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f53f324-257a-4104-b5bb-93b4ca1b61d4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1281	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f53f324-257a-4104-b5bb-93b4ca1b61d4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1280	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f53f324-257a-4104-b5bb-93b4ca1b61d4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1279	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3f53f324-257a-4104-b5bb-93b4ca1b61d4 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1278	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b9bfe1a-78ac-4d0a-a072-e22a5e264bfb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABNAEEATwBBAEEAdQBBAEQAQQBBAE4AdwBBAHQAQQBEAEkAQQBOAGcAQQAyAEEARABnAEEATQB3AEEAeABBAEQAYwBBAE4AdwBBADIAQQBEAEUAQQBOAFEAQQAyAEEARABNAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=990b5c9d-4248-4f02-bc01-b2cd2452dcd9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1277	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b9bfe1a-78ac-4d0a-a072-e22a5e264bfb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABNAEEATwBBAEEAdQBBAEQAQQBBAE4AdwBBAHQAQQBEAEkAQQBOAGcAQQAyAEEARABnAEEATQB3AEEAeABBAEQAYwBBAE4AdwBBADIAQQBEAEUAQQBOAFEAQQAyAEEARABNAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1276	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b9bfe1a-78ac-4d0a-a072-e22a5e264bfb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABNAEEATwBBAEEAdQBBAEQAQQBBAE4AdwBBAHQAQQBEAEkAQQBOAGcAQQAyAEEARABnAEEATQB3AEEAeABBAEQAYwBBAE4AdwBBADIAQQBEAEUAQQBOAFEAQQAyAEEARABNAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1275	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b9bfe1a-78ac-4d0a-a072-e22a5e264bfb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABNAEEATwBBAEEAdQBBAEQAQQBBAE4AdwBBAHQAQQBEAEkAQQBOAGcAQQAyAEEARABnAEEATQB3AEEAeABBAEQAYwBBAE4AdwBBADIAQQBEAEUAQQBOAFEAQQAyAEEARABNAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1274	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b9bfe1a-78ac-4d0a-a072-e22a5e264bfb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABNAEEATwBBAEEAdQBBAEQAQQBBAE4AdwBBAHQAQQBEAEkAQQBOAGcAQQAyAEEARABnAEEATQB3AEEAeABBAEQAYwBBAE4AdwBBADIAQQBEAEUAQQBOAFEAQQAyAEEARABNAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1273	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b9bfe1a-78ac-4d0a-a072-e22a5e264bfb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABNAEEATwBBAEEAdQBBAEQAQQBBAE4AdwBBAHQAQQBEAEkAQQBOAGcAQQAyAEEARABnAEEATQB3AEEAeABBAEQAYwBBAE4AdwBBADIAQQBEAEUAQQBOAFEAQQAyAEEARABNAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1272	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1b9bfe1a-78ac-4d0a-a072-e22a5e264bfb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABNAEEATwBBAEEAdQBBAEQAQQBBAE4AdwBBAHQAQQBEAEkAQQBOAGcAQQAyAEEARABnAEEATQB3AEEAeABBAEQAYwBBAE4AdwBBADIAQQBEAEUAQQBOAFEAQQAyAEEARABNAEEATwBRAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1271	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f13a1a97-b569-46ab-9614-d37f264bf69f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=edb7cd94-0c87-491a-beb0-1f3e5c5a8811 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1270	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f4213bd6-d620-4c45-b0d8-52efcf72b77c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5b11cb78-90b1-469b-aa54-6297bad5a251 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1269	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f4213bd6-d620-4c45-b0d8-52efcf72b77c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1268	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f4213bd6-d620-4c45-b0d8-52efcf72b77c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1267	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f4213bd6-d620-4c45-b0d8-52efcf72b77c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1266	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f4213bd6-d620-4c45-b0d8-52efcf72b77c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1265	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f4213bd6-d620-4c45-b0d8-52efcf72b77c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1264	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f4213bd6-d620-4c45-b0d8-52efcf72b77c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1263	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f4213bd6-d620-4c45-b0d8-52efcf72b77c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1262	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f4213bd6-d620-4c45-b0d8-52efcf72b77c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1261	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:59:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f13a1a97-b569-46ab-9614-d37f264bf69f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=edb7cd94-0c87-491a-beb0-1f3e5c5a8811 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1260	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f13a1a97-b569-46ab-9614-d37f264bf69f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1259	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f13a1a97-b569-46ab-9614-d37f264bf69f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1258	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f13a1a97-b569-46ab-9614-d37f264bf69f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1257	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f13a1a97-b569-46ab-9614-d37f264bf69f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1256	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f13a1a97-b569-46ab-9614-d37f264bf69f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1255	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f13a1a97-b569-46ab-9614-d37f264bf69f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1254	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=926a822d-7361-4897-b223-ac9513faa160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=2ca6e2ce-2735-4f83-bda6-e23f543dbaea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1253	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=926a822d-7361-4897-b223-ac9513faa160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=2ca6e2ce-2735-4f83-bda6-e23f543dbaea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1252	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=926a822d-7361-4897-b223-ac9513faa160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1251	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=926a822d-7361-4897-b223-ac9513faa160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1250	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=926a822d-7361-4897-b223-ac9513faa160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1249	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=926a822d-7361-4897-b223-ac9513faa160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1248	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=926a822d-7361-4897-b223-ac9513faa160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1247	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=926a822d-7361-4897-b223-ac9513faa160 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADMAOAAuADAANwAtADIANgA2ADgAMwAxADcANwA2ADEANQA2ADMAOQA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1246	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=29c375ad-feaf-47e1-86df-ad4dc744a9ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAHcAQQA0AEEAQwA0AEEATQBBAEEAMwBBAEMAMABBAE0AZwBBADIAQQBEAFkAQQBPAEEAQQB6AEEARABFAEEATgB3AEEAMwBBAEQAWQBBAE0AUQBBADEAQQBEAFkAQQBNAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=b27d4bfc-ef18-4c6a-82cf-0df8fb61363a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1245	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1648ff85-3753-46c9-ba30-938fe9389928 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMwA4AC4AMAA3AC0AMgA2ADYAOAAzADEANwA3ADYAMQA1ADYAMwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=c1017add-71d1-445c-8258-3cf0e592e4f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1244	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1648ff85-3753-46c9-ba30-938fe9389928 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMwA4AC4AMAA3AC0AMgA2ADYAOAAzADEANwA3ADYAMQA1ADYAMwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=c1017add-71d1-445c-8258-3cf0e592e4f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1243	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1648ff85-3753-46c9-ba30-938fe9389928 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMwA4AC4AMAA3AC0AMgA2ADYAOAAzADEANwA3ADYAMQA1ADYAMwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1242	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1648ff85-3753-46c9-ba30-938fe9389928 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMwA4AC4AMAA3AC0AMgA2ADYAOAAzADEANwA3ADYAMQA1ADYAMwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1241	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1648ff85-3753-46c9-ba30-938fe9389928 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMwA4AC4AMAA3AC0AMgA2ADYAOAAzADEANwA3ADYAMQA1ADYAMwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1240	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1648ff85-3753-46c9-ba30-938fe9389928 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMwA4AC4AMAA3AC0AMgA2ADYAOAAzADEANwA3ADYAMQA1ADYAMwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1239	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1648ff85-3753-46c9-ba30-938fe9389928 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMwA4AC4AMAA3AC0AMgA2ADYAOAAzADEANwA3ADYAMQA1ADYAMwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1238	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1648ff85-3753-46c9-ba30-938fe9389928 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMwA4AC4AMAA3AC0AMgA2ADYAOAAzADEANwA3ADYAMQA1ADYAMwA5ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1237	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=29c375ad-feaf-47e1-86df-ad4dc744a9ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAHcAQQA0AEEAQwA0AEEATQBBAEEAMwBBAEMAMABBAE0AZwBBADIAQQBEAFkAQQBPAEEAQQB6AEEARABFAEEATgB3AEEAMwBBAEQAWQBBAE0AUQBBADEAQQBEAFkAQQBNAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=b27d4bfc-ef18-4c6a-82cf-0df8fb61363a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1236	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=29c375ad-feaf-47e1-86df-ad4dc744a9ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAHcAQQA0AEEAQwA0AEEATQBBAEEAMwBBAEMAMABBAE0AZwBBADIAQQBEAFkAQQBPAEEAQQB6AEEARABFAEEATgB3AEEAMwBBAEQAWQBBAE0AUQBBADEAQQBEAFkAQQBNAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1235	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=29c375ad-feaf-47e1-86df-ad4dc744a9ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAHcAQQA0AEEAQwA0AEEATQBBAEEAMwBBAEMAMABBAE0AZwBBADIAQQBEAFkAQQBPAEEAQQB6AEEARABFAEEATgB3AEEAMwBBAEQAWQBBAE0AUQBBADEAQQBEAFkAQQBNAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1234	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=29c375ad-feaf-47e1-86df-ad4dc744a9ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAHcAQQA0AEEAQwA0AEEATQBBAEEAMwBBAEMAMABBAE0AZwBBADIAQQBEAFkAQQBPAEEAQQB6AEEARABFAEEATgB3AEEAMwBBAEQAWQBBAE0AUQBBADEAQQBEAFkAQQBNAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1233	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=29c375ad-feaf-47e1-86df-ad4dc744a9ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAHcAQQA0AEEAQwA0AEEATQBBAEEAMwBBAEMAMABBAE0AZwBBADIAQQBEAFkAQQBPAEEAQQB6AEEARABFAEEATgB3AEEAMwBBAEQAWQBBAE0AUQBBADEAQQBEAFkAQQBNAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1232	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=29c375ad-feaf-47e1-86df-ad4dc744a9ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAHcAQQA0AEEAQwA0AEEATQBBAEEAMwBBAEMAMABBAE0AZwBBADIAQQBEAFkAQQBPAEEAQQB6AEEARABFAEEATgB3AEEAMwBBAEQAWQBBAE0AUQBBADEAQQBEAFkAQQBNAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1231	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=29c375ad-feaf-47e1-86df-ad4dc744a9ca HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAHcAQQA0AEEAQwA0AEEATQBBAEEAMwBBAEMAMABBAE0AZwBBADIAQQBEAFkAQQBPAEEAQQB6AEEARABFAEEATgB3AEEAMwBBAEQAWQBBAE0AUQBBADEAQQBEAFkAQQBNAHcAQQA1AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1230	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941a92bd-c73d-4249-9942-35e8ff043161 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=80527f92-e46a-4393-af5c-464ed703f19b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1229	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3986d98b-39d0-4d55-a1ad-c7a155c19379 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=526a9a6d-6544-4eb5-be61-db1cef1fffc6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1228	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3986d98b-39d0-4d55-a1ad-c7a155c19379 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1227	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3986d98b-39d0-4d55-a1ad-c7a155c19379 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1226	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3986d98b-39d0-4d55-a1ad-c7a155c19379 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1225	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3986d98b-39d0-4d55-a1ad-c7a155c19379 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1224	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3986d98b-39d0-4d55-a1ad-c7a155c19379 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1223	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3986d98b-39d0-4d55-a1ad-c7a155c19379 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1222	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3986d98b-39d0-4d55-a1ad-c7a155c19379 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1221	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3986d98b-39d0-4d55-a1ad-c7a155c19379 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1220	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941a92bd-c73d-4249-9942-35e8ff043161 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=80527f92-e46a-4393-af5c-464ed703f19b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1219	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941a92bd-c73d-4249-9942-35e8ff043161 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1218	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941a92bd-c73d-4249-9942-35e8ff043161 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1217	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941a92bd-c73d-4249-9942-35e8ff043161 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1216	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941a92bd-c73d-4249-9942-35e8ff043161 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1215	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941a92bd-c73d-4249-9942-35e8ff043161 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1214	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=941a92bd-c73d-4249-9942-35e8ff043161 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1213	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc84b01f-0f60-4ac7-a9c7-f156caec1984 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=06c1b0bd-edde-417f-9f7e-1f9fbb249e37 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1212	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41aa561a-5ec4-43ba-a123-fd79e2cc91c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA EngineVersion=5.1.14393.1944 RunspaceId=8d26285c-4f92-48cb-ac98-cbb8957b4b44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1211	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41aa561a-5ec4-43ba-a123-fd79e2cc91c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA EngineVersion=5.1.14393.1944 RunspaceId=8d26285c-4f92-48cb-ac98-cbb8957b4b44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1210	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41aa561a-5ec4-43ba-a123-fd79e2cc91c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1209	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41aa561a-5ec4-43ba-a123-fd79e2cc91c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1208	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41aa561a-5ec4-43ba-a123-fd79e2cc91c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1207	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41aa561a-5ec4-43ba-a123-fd79e2cc91c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1206	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41aa561a-5ec4-43ba-a123-fd79e2cc91c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1205	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41aa561a-5ec4-43ba-a123-fd79e2cc91c1 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1204	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=dd60a418-72bd-4508-962d-850ae959f00c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4ae4c265-0724-40f0-b033-264560202537 PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	1203	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dd60a418-72bd-4508-962d-850ae959f00c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4ae4c265-0724-40f0-b033-264560202537 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1202	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dd60a418-72bd-4508-962d-850ae959f00c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1201	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dd60a418-72bd-4508-962d-850ae959f00c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1200	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dd60a418-72bd-4508-962d-850ae959f00c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1199	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dd60a418-72bd-4508-962d-850ae959f00c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1198	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dd60a418-72bd-4508-962d-850ae959f00c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1197	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dd60a418-72bd-4508-962d-850ae959f00c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1196	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dd60a418-72bd-4508-962d-850ae959f00c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1195	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=dd60a418-72bd-4508-962d-850ae959f00c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1194	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc84b01f-0f60-4ac7-a9c7-f156caec1984 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=06c1b0bd-edde-417f-9f7e-1f9fbb249e37 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1193	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc84b01f-0f60-4ac7-a9c7-f156caec1984 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1192	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc84b01f-0f60-4ac7-a9c7-f156caec1984 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1191	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc84b01f-0f60-4ac7-a9c7-f156caec1984 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1190	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc84b01f-0f60-4ac7-a9c7-f156caec1984 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1189	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc84b01f-0f60-4ac7-a9c7-f156caec1984 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1188	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fc84b01f-0f60-4ac7-a9c7-f156caec1984 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1187	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c30bca5-2d76-4ef7-8caa-248f1facf380 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABFAEEATwBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABFAEEATgBnAEEAeABBAEQAQQBBAE8AQQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABVAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=8f2edf09-0c1f-47e2-a919-8d9af09560db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1186	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b11980c-fc3e-4fae-ac96-46ae7df0020a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=bfcafe99-9d00-4a6e-ad9c-0500dafd4d71 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1185	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b11980c-fc3e-4fae-ac96-46ae7df0020a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=bfcafe99-9d00-4a6e-ad9c-0500dafd4d71 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1184	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b11980c-fc3e-4fae-ac96-46ae7df0020a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1183	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b11980c-fc3e-4fae-ac96-46ae7df0020a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1182	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b11980c-fc3e-4fae-ac96-46ae7df0020a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1181	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b11980c-fc3e-4fae-ac96-46ae7df0020a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1180	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b11980c-fc3e-4fae-ac96-46ae7df0020a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1179	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b11980c-fc3e-4fae-ac96-46ae7df0020a HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1178	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c30bca5-2d76-4ef7-8caa-248f1facf380 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABFAEEATwBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABFAEEATgBnAEEAeABBAEQAQQBBAE8AQQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABVAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=8f2edf09-0c1f-47e2-a919-8d9af09560db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1177	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c30bca5-2d76-4ef7-8caa-248f1facf380 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABFAEEATwBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABFAEEATgBnAEEAeABBAEQAQQBBAE8AQQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABVAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1176	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c30bca5-2d76-4ef7-8caa-248f1facf380 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABFAEEATwBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABFAEEATgBnAEEAeABBAEQAQQBBAE8AQQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABVAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1175	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c30bca5-2d76-4ef7-8caa-248f1facf380 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABFAEEATwBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABFAEEATgBnAEEAeABBAEQAQQBBAE8AQQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABVAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1174	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c30bca5-2d76-4ef7-8caa-248f1facf380 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABFAEEATwBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABFAEEATgBnAEEAeABBAEQAQQBBAE8AQQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABVAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1173	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c30bca5-2d76-4ef7-8caa-248f1facf380 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABFAEEATwBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABFAEEATgBnAEEAeABBAEQAQQBBAE8AQQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABVAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1172	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=9c30bca5-2d76-4ef7-8caa-248f1facf380 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAxAEEARABFAEEATwBRAEEAdQBBAEQARQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQAyAEEARABFAEEATgBnAEEAeABBAEQAQQBBAE8AQQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABVAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1171	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62675ab5-1cf4-4f95-b5f9-5b2cc9cfee03 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=323525f1-4f07-42a4-b710-0192578db68f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1170	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cd1f937d-66b8-467e-9643-d4855b5772d5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2f434872-638c-49fb-85a0-9f9c7bb73ca5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1169	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cd1f937d-66b8-467e-9643-d4855b5772d5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1168	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cd1f937d-66b8-467e-9643-d4855b5772d5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1167	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cd1f937d-66b8-467e-9643-d4855b5772d5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1166	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cd1f937d-66b8-467e-9643-d4855b5772d5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1165	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cd1f937d-66b8-467e-9643-d4855b5772d5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1164	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cd1f937d-66b8-467e-9643-d4855b5772d5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1163	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cd1f937d-66b8-467e-9643-d4855b5772d5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1162	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cd1f937d-66b8-467e-9643-d4855b5772d5 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1161	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62675ab5-1cf4-4f95-b5f9-5b2cc9cfee03 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=323525f1-4f07-42a4-b710-0192578db68f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1160	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62675ab5-1cf4-4f95-b5f9-5b2cc9cfee03 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1159	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62675ab5-1cf4-4f95-b5f9-5b2cc9cfee03 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1158	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62675ab5-1cf4-4f95-b5f9-5b2cc9cfee03 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1157	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62675ab5-1cf4-4f95-b5f9-5b2cc9cfee03 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1156	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62675ab5-1cf4-4f95-b5f9-5b2cc9cfee03 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1155	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=62675ab5-1cf4-4f95-b5f9-5b2cc9cfee03 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1154	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41805a27-7830-44f2-aa58-7df16e34a6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=860e0ca8-cfee-4618-a134-c1530276c01b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1153	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41805a27-7830-44f2-aa58-7df16e34a6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=860e0ca8-cfee-4618-a134-c1530276c01b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1152	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41805a27-7830-44f2-aa58-7df16e34a6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1151	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41805a27-7830-44f2-aa58-7df16e34a6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1150	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41805a27-7830-44f2-aa58-7df16e34a6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1149	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41805a27-7830-44f2-aa58-7df16e34a6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1148	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41805a27-7830-44f2-aa58-7df16e34a6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1147	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=41805a27-7830-44f2-aa58-7df16e34a6e8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA1ADEAOQAuADEANAAtADEAMAA2ADEANgAxADAAOAAxADAANAA5ADUAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1146	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e7720db4-106f-4099-a8a7-aab74bc70e44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBNAFEAQQAyAEEARABFAEEATQBBAEEANABBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBOAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=d2c03f55-1410-4f98-860d-bc56aecfa3a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1145	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=801872a4-b346-454f-a230-f9729911ee80 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMQA5AC4AMQA0AC0AMQAwADYAMQA2ADEAMAA4ADEAMAA0ADkANQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=379123a0-496a-4590-9024-9be088e6403e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1144	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=801872a4-b346-454f-a230-f9729911ee80 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMQA5AC4AMQA0AC0AMQAwADYAMQA2ADEAMAA4ADEAMAA0ADkANQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=379123a0-496a-4590-9024-9be088e6403e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1143	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=801872a4-b346-454f-a230-f9729911ee80 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMQA5AC4AMQA0AC0AMQAwADYAMQA2ADEAMAA4ADEAMAA0ADkANQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1142	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=801872a4-b346-454f-a230-f9729911ee80 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMQA5AC4AMQA0AC0AMQAwADYAMQA2ADEAMAA4ADEAMAA0ADkANQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1141	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=801872a4-b346-454f-a230-f9729911ee80 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMQA5AC4AMQA0AC0AMQAwADYAMQA2ADEAMAA4ADEAMAA0ADkANQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1140	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=801872a4-b346-454f-a230-f9729911ee80 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMQA5AC4AMQA0AC0AMQAwADYAMQA2ADEAMAA4ADEAMAA0ADkANQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1139	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=801872a4-b346-454f-a230-f9729911ee80 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMQA5AC4AMQA0AC0AMQAwADYAMQA2ADEAMAA4ADEAMAA0ADkANQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1138	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=801872a4-b346-454f-a230-f9729911ee80 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADUAMQA5AC4AMQA0AC0AMQAwADYAMQA2ADEAMAA4ADEAMAA0ADkANQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1137	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e7720db4-106f-4099-a8a7-aab74bc70e44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBNAFEAQQAyAEEARABFAEEATQBBAEEANABBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBOAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=d2c03f55-1410-4f98-860d-bc56aecfa3a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1136	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e7720db4-106f-4099-a8a7-aab74bc70e44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBNAFEAQQAyAEEARABFAEEATQBBAEEANABBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBOAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1135	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e7720db4-106f-4099-a8a7-aab74bc70e44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBNAFEAQQAyAEEARABFAEEATQBBAEEANABBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBOAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1134	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e7720db4-106f-4099-a8a7-aab74bc70e44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBNAFEAQQAyAEEARABFAEEATQBBAEEANABBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBOAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1133	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e7720db4-106f-4099-a8a7-aab74bc70e44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBNAFEAQQAyAEEARABFAEEATQBBAEEANABBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBOAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1132	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e7720db4-106f-4099-a8a7-aab74bc70e44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBNAFEAQQAyAEEARABFAEEATQBBAEEANABBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBOAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1131	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e7720db4-106f-4099-a8a7-aab74bc70e44 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATQBRAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAFkAQQBNAFEAQQAyAEEARABFAEEATQBBAEEANABBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBOAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1130	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=34b4c47e-da2f-4b14-9dae-c025832332d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=197b5625-70d9-4d7a-8374-2ad05400f27e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1129	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a2811d89-eaaf-4312-a5f9-532c4e5dbdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=cd7b9087-83bf-4729-a5f9-e0d246172eeb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1128	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a2811d89-eaaf-4312-a5f9-532c4e5dbdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1127	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a2811d89-eaaf-4312-a5f9-532c4e5dbdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1126	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a2811d89-eaaf-4312-a5f9-532c4e5dbdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1125	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a2811d89-eaaf-4312-a5f9-532c4e5dbdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1124	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a2811d89-eaaf-4312-a5f9-532c4e5dbdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1123	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a2811d89-eaaf-4312-a5f9-532c4e5dbdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1122	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a2811d89-eaaf-4312-a5f9-532c4e5dbdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1121	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a2811d89-eaaf-4312-a5f9-532c4e5dbdc1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1120	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=34b4c47e-da2f-4b14-9dae-c025832332d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=197b5625-70d9-4d7a-8374-2ad05400f27e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1119	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=34b4c47e-da2f-4b14-9dae-c025832332d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1118	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=34b4c47e-da2f-4b14-9dae-c025832332d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1117	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=34b4c47e-da2f-4b14-9dae-c025832332d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1116	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=34b4c47e-da2f-4b14-9dae-c025832332d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1115	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=34b4c47e-da2f-4b14-9dae-c025832332d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1114	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=34b4c47e-da2f-4b14-9dae-c025832332d6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1113	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2372260-713a-4593-9571-e8241166349d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=12d8e857-4af7-47fb-b2a8-f4c9a095414f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1112	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e6b1588-6483-4ab9-8087-8ee94af98b64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f3f1dc9e-3325-49d5-a3f8-e92f03acff33 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1111	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e6b1588-6483-4ab9-8087-8ee94af98b64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f3f1dc9e-3325-49d5-a3f8-e92f03acff33 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1110	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e6b1588-6483-4ab9-8087-8ee94af98b64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1109	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e6b1588-6483-4ab9-8087-8ee94af98b64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1108	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e6b1588-6483-4ab9-8087-8ee94af98b64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1107	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e6b1588-6483-4ab9-8087-8ee94af98b64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1106	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e6b1588-6483-4ab9-8087-8ee94af98b64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1105	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e6b1588-6483-4ab9-8087-8ee94af98b64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1104	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e6b1588-6483-4ab9-8087-8ee94af98b64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1103	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2e6b1588-6483-4ab9-8087-8ee94af98b64 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1102	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2372260-713a-4593-9571-e8241166349d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=12d8e857-4af7-47fb-b2a8-f4c9a095414f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1101	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2372260-713a-4593-9571-e8241166349d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1100	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2372260-713a-4593-9571-e8241166349d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1099	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2372260-713a-4593-9571-e8241166349d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1098	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2372260-713a-4593-9571-e8241166349d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1097	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2372260-713a-4593-9571-e8241166349d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1096	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d2372260-713a-4593-9571-e8241166349d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1095	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f43e80e-4731-41e8-ab0a-de042a6695fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3d30a756-a57b-4f92-a3d2-1190c07ea665 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1094	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ac6b73b6-cce3-4065-9cf7-50905d7ee0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ed1ffd7a-7273-42b2-9e28-f38f0a43d019 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1093	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ac6b73b6-cce3-4065-9cf7-50905d7ee0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1092	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ac6b73b6-cce3-4065-9cf7-50905d7ee0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1091	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ac6b73b6-cce3-4065-9cf7-50905d7ee0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1090	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ac6b73b6-cce3-4065-9cf7-50905d7ee0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1089	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ac6b73b6-cce3-4065-9cf7-50905d7ee0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1088	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ac6b73b6-cce3-4065-9cf7-50905d7ee0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1087	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ac6b73b6-cce3-4065-9cf7-50905d7ee0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1086	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ac6b73b6-cce3-4065-9cf7-50905d7ee0b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1085	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f43e80e-4731-41e8-ab0a-de042a6695fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3d30a756-a57b-4f92-a3d2-1190c07ea665 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1084	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f43e80e-4731-41e8-ab0a-de042a6695fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1083	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f43e80e-4731-41e8-ab0a-de042a6695fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1082	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f43e80e-4731-41e8-ab0a-de042a6695fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1081	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f43e80e-4731-41e8-ab0a-de042a6695fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1080	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f43e80e-4731-41e8-ab0a-de042a6695fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1079	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5f43e80e-4731-41e8-ab0a-de042a6695fa HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1078	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6235328-97af-48fc-90c0-43bbd0a95fec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ff7c20fa-4ccb-423f-97cf-2a2961c18f4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1077	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:58:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=5b148cc9-ebc9-4578-bc19-4a3fdd9f1af3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=083125ce-040e-446b-90ee-5dba122aa83e PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"	800		0	4	8		36028797018963968	1076	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5b148cc9-ebc9-4578-bc19-4a3fdd9f1af3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=083125ce-040e-446b-90ee-5dba122aa83e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1075	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5b148cc9-ebc9-4578-bc19-4a3fdd9f1af3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1074	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5b148cc9-ebc9-4578-bc19-4a3fdd9f1af3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1073	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5b148cc9-ebc9-4578-bc19-4a3fdd9f1af3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1072	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5b148cc9-ebc9-4578-bc19-4a3fdd9f1af3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1071	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5b148cc9-ebc9-4578-bc19-4a3fdd9f1af3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1070	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5b148cc9-ebc9-4578-bc19-4a3fdd9f1af3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1069	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5b148cc9-ebc9-4578-bc19-4a3fdd9f1af3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1068	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5b148cc9-ebc9-4578-bc19-4a3fdd9f1af3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1067	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6235328-97af-48fc-90c0-43bbd0a95fec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ff7c20fa-4ccb-423f-97cf-2a2961c18f4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1066	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6235328-97af-48fc-90c0-43bbd0a95fec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1065	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6235328-97af-48fc-90c0-43bbd0a95fec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1064	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6235328-97af-48fc-90c0-43bbd0a95fec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1063	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6235328-97af-48fc-90c0-43bbd0a95fec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1062	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6235328-97af-48fc-90c0-43bbd0a95fec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1061	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c6235328-97af-48fc-90c0-43bbd0a95fec HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1060	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:57:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6243c5df-a181-47c4-918a-31ad21073195 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=081d8b9d-0358-4998-ab03-5e23dbc3181e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1059	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:59 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=2d8b7ba6-57ea-434b-b253-d4f4ce51955c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f29a3be8-7e49-4f46-9bcc-40350135b62e PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	1058	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2d8b7ba6-57ea-434b-b253-d4f4ce51955c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f29a3be8-7e49-4f46-9bcc-40350135b62e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1057	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2d8b7ba6-57ea-434b-b253-d4f4ce51955c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1056	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2d8b7ba6-57ea-434b-b253-d4f4ce51955c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1055	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2d8b7ba6-57ea-434b-b253-d4f4ce51955c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1054	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2d8b7ba6-57ea-434b-b253-d4f4ce51955c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1053	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2d8b7ba6-57ea-434b-b253-d4f4ce51955c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1052	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2d8b7ba6-57ea-434b-b253-d4f4ce51955c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1051	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2d8b7ba6-57ea-434b-b253-d4f4ce51955c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1050	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2d8b7ba6-57ea-434b-b253-d4f4ce51955c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1049	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:58 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6243c5df-a181-47c4-918a-31ad21073195 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=081d8b9d-0358-4998-ab03-5e23dbc3181e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1048	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6243c5df-a181-47c4-918a-31ad21073195 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1047	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6243c5df-a181-47c4-918a-31ad21073195 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1046	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6243c5df-a181-47c4-918a-31ad21073195 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1045	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6243c5df-a181-47c4-918a-31ad21073195 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1044	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6243c5df-a181-47c4-918a-31ad21073195 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1043	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6243c5df-a181-47c4-918a-31ad21073195 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1042	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616c74e-8ef5-4866-953c-3071da6a5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5feaf625-6d03-41bd-a82f-726d88fa38c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1041	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1ad3173a-d658-49b8-ac75-8b0965252a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=af46f63a-763e-4556-83fe-864ee2a522fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1040	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1ad3173a-d658-49b8-ac75-8b0965252a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1039	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1ad3173a-d658-49b8-ac75-8b0965252a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1038	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1ad3173a-d658-49b8-ac75-8b0965252a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1037	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1ad3173a-d658-49b8-ac75-8b0965252a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1036	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1ad3173a-d658-49b8-ac75-8b0965252a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1035	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1ad3173a-d658-49b8-ac75-8b0965252a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1034	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1ad3173a-d658-49b8-ac75-8b0965252a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1033	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=1ad3173a-d658-49b8-ac75-8b0965252a9e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1032	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616c74e-8ef5-4866-953c-3071da6a5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5feaf625-6d03-41bd-a82f-726d88fa38c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1031	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616c74e-8ef5-4866-953c-3071da6a5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1030	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616c74e-8ef5-4866-953c-3071da6a5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1029	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616c74e-8ef5-4866-953c-3071da6a5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1028	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616c74e-8ef5-4866-953c-3071da6a5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1027	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616c74e-8ef5-4866-953c-3071da6a5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1026	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f616c74e-8ef5-4866-953c-3071da6a5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1025	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af60b2df-f20d-4fdb-ba97-85962a34f0b6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=61b5db8d-85c3-4d41-a079-afa896005f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1024	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=61809ab2-b6bb-4b97-8a0c-9e42e24afc0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=13a6a3c2-64b8-43d0-818c-6031744989c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1023	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=61809ab2-b6bb-4b97-8a0c-9e42e24afc0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1022	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=61809ab2-b6bb-4b97-8a0c-9e42e24afc0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1021	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=61809ab2-b6bb-4b97-8a0c-9e42e24afc0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1020	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=61809ab2-b6bb-4b97-8a0c-9e42e24afc0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1019	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=61809ab2-b6bb-4b97-8a0c-9e42e24afc0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1018	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=61809ab2-b6bb-4b97-8a0c-9e42e24afc0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1017	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=61809ab2-b6bb-4b97-8a0c-9e42e24afc0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1016	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=61809ab2-b6bb-4b97-8a0c-9e42e24afc0e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1015	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af60b2df-f20d-4fdb-ba97-85962a34f0b6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=61b5db8d-85c3-4d41-a079-afa896005f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1014	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af60b2df-f20d-4fdb-ba97-85962a34f0b6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1013	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af60b2df-f20d-4fdb-ba97-85962a34f0b6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1012	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af60b2df-f20d-4fdb-ba97-85962a34f0b6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1011	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af60b2df-f20d-4fdb-ba97-85962a34f0b6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1010	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af60b2df-f20d-4fdb-ba97-85962a34f0b6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1009	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=af60b2df-f20d-4fdb-ba97-85962a34f0b6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1008	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16311686-030e-49c3-b2d6-19b9ae2b339e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=738c6dfb-237c-480b-b674-049fe2673756 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	1007	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=b89fef77-807e-4c5c-989f-cb51107bc64f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=53f3fa7d-3ec0-47a1-8f01-c5a9dc2450b6 PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"	800		0	4	8		36028797018963968	1006	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b89fef77-807e-4c5c-989f-cb51107bc64f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=53f3fa7d-3ec0-47a1-8f01-c5a9dc2450b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	1005	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b89fef77-807e-4c5c-989f-cb51107bc64f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1004	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b89fef77-807e-4c5c-989f-cb51107bc64f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1003	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b89fef77-807e-4c5c-989f-cb51107bc64f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1002	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b89fef77-807e-4c5c-989f-cb51107bc64f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1001	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b89fef77-807e-4c5c-989f-cb51107bc64f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1000	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b89fef77-807e-4c5c-989f-cb51107bc64f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	999	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b89fef77-807e-4c5c-989f-cb51107bc64f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	998	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b89fef77-807e-4c5c-989f-cb51107bc64f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	997	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16311686-030e-49c3-b2d6-19b9ae2b339e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=738c6dfb-237c-480b-b674-049fe2673756 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	996	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16311686-030e-49c3-b2d6-19b9ae2b339e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	995	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16311686-030e-49c3-b2d6-19b9ae2b339e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	994	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16311686-030e-49c3-b2d6-19b9ae2b339e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	993	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16311686-030e-49c3-b2d6-19b9ae2b339e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	992	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16311686-030e-49c3-b2d6-19b9ae2b339e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	991	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16311686-030e-49c3-b2d6-19b9ae2b339e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	990	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab065933-e764-4b58-9ac1-7a992162fda0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2e16350c-9c70-49ef-846e-b49a077826d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	989	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=5803180b-3ab5-48d9-88b2-a8f5095efb4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8ec84c45-8853-4d88-8462-3d677d78d81b PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $webclient_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net; public class ExtendedWebClient : WebClient { public int Timeout; public ExtendedWebClient() { Timeout = 600000; // Default timeout value } protected override WebRequest GetWebRequest(System.Uri address) { WebRequest request = base.GetWebRequest(address); request.Timeout = Timeout; return request; } }"	800		0	4	8		36028797018963968	988	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5803180b-3ab5-48d9-88b2-a8f5095efb4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8ec84c45-8853-4d88-8462-3d677d78d81b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	987	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5803180b-3ab5-48d9-88b2-a8f5095efb4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	986	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5803180b-3ab5-48d9-88b2-a8f5095efb4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	985	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5803180b-3ab5-48d9-88b2-a8f5095efb4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	984	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5803180b-3ab5-48d9-88b2-a8f5095efb4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	983	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5803180b-3ab5-48d9-88b2-a8f5095efb4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	982	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5803180b-3ab5-48d9-88b2-a8f5095efb4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	981	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5803180b-3ab5-48d9-88b2-a8f5095efb4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	980	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5803180b-3ab5-48d9-88b2-a8f5095efb4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	979	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab065933-e764-4b58-9ac1-7a992162fda0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2e16350c-9c70-49ef-846e-b49a077826d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	978	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab065933-e764-4b58-9ac1-7a992162fda0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	977	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab065933-e764-4b58-9ac1-7a992162fda0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	976	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab065933-e764-4b58-9ac1-7a992162fda0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	975	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab065933-e764-4b58-9ac1-7a992162fda0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	974	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab065933-e764-4b58-9ac1-7a992162fda0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	973	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ab065933-e764-4b58-9ac1-7a992162fda0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	972	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a0cd4dbf-df2b-41b5-913f-1f5f3841846e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=02253099-4045-423f-bfd7-65c48533efd3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	971	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3566b335-bdce-481c-b538-72e78bccfd19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=28a76069-ea79-4b0e-baa5-6f5d8ee5db40 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	970	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3566b335-bdce-481c-b538-72e78bccfd19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	969	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3566b335-bdce-481c-b538-72e78bccfd19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	968	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3566b335-bdce-481c-b538-72e78bccfd19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	967	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3566b335-bdce-481c-b538-72e78bccfd19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	966	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3566b335-bdce-481c-b538-72e78bccfd19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	965	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3566b335-bdce-481c-b538-72e78bccfd19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	964	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3566b335-bdce-481c-b538-72e78bccfd19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	963	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=3566b335-bdce-481c-b538-72e78bccfd19 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	962	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a0cd4dbf-df2b-41b5-913f-1f5f3841846e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=02253099-4045-423f-bfd7-65c48533efd3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	961	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a0cd4dbf-df2b-41b5-913f-1f5f3841846e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	960	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a0cd4dbf-df2b-41b5-913f-1f5f3841846e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	959	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a0cd4dbf-df2b-41b5-913f-1f5f3841846e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	958	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a0cd4dbf-df2b-41b5-913f-1f5f3841846e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	957	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a0cd4dbf-df2b-41b5-913f-1f5f3841846e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	956	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a0cd4dbf-df2b-41b5-913f-1f5f3841846e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	955	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=985551fa-a048-417e-95e2-a7538e7be660 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAwAEEARABBAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEUAQQBOAEEAQQB3AEEARABrAEEATQBnAEEANABBAEQAZwBBAE0AUQBBADUAQQBEAEUAQQBNAHcAQQB4AEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=9451484c-ee68-4984-9f97-91dab6763884 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	954	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=188d3e7c-8563-4a52-9be9-08a8131690b6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=9e06056d-2c04-43f0-8a32-b003b218ef29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	953	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=188d3e7c-8563-4a52-9be9-08a8131690b6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=9e06056d-2c04-43f0-8a32-b003b218ef29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	952	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=188d3e7c-8563-4a52-9be9-08a8131690b6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	951	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=188d3e7c-8563-4a52-9be9-08a8131690b6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	950	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=188d3e7c-8563-4a52-9be9-08a8131690b6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	949	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=188d3e7c-8563-4a52-9be9-08a8131690b6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	948	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=188d3e7c-8563-4a52-9be9-08a8131690b6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	947	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=188d3e7c-8563-4a52-9be9-08a8131690b6 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	946	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=985551fa-a048-417e-95e2-a7538e7be660 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAwAEEARABBAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEUAQQBOAEEAQQB3AEEARABrAEEATQBnAEEANABBAEQAZwBBAE0AUQBBADUAQQBEAEUAQQBNAHcAQQB4AEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=9451484c-ee68-4984-9f97-91dab6763884 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	945	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=985551fa-a048-417e-95e2-a7538e7be660 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAwAEEARABBAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEUAQQBOAEEAQQB3AEEARABrAEEATQBnAEEANABBAEQAZwBBAE0AUQBBADUAQQBEAEUAQQBNAHcAQQB4AEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	944	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=985551fa-a048-417e-95e2-a7538e7be660 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAwAEEARABBAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEUAQQBOAEEAQQB3AEEARABrAEEATQBnAEEANABBAEQAZwBBAE0AUQBBADUAQQBEAEUAQQBNAHcAQQB4AEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	943	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=985551fa-a048-417e-95e2-a7538e7be660 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAwAEEARABBAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEUAQQBOAEEAQQB3AEEARABrAEEATQBnAEEANABBAEQAZwBBAE0AUQBBADUAQQBEAEUAQQBNAHcAQQB4AEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	942	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=985551fa-a048-417e-95e2-a7538e7be660 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAwAEEARABBAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEUAQQBOAEEAQQB3AEEARABrAEEATQBnAEEANABBAEQAZwBBAE0AUQBBADUAQQBEAEUAQQBNAHcAQQB4AEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	941	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=985551fa-a048-417e-95e2-a7538e7be660 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAwAEEARABBAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEUAQQBOAEEAQQB3AEEARABrAEEATQBnAEEANABBAEQAZwBBAE0AUQBBADUAQQBEAEUAQQBNAHcAQQB4AEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	940	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=985551fa-a048-417e-95e2-a7538e7be660 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQAwAEEARABBAEEATQB3AEEAdQBBAEQAawBBAE0AUQBBAHQAQQBEAEUAQQBOAEEAQQB3AEEARABrAEEATQBnAEEANABBAEQAZwBBAE0AUQBBADUAQQBEAEUAQQBNAHcAQQB4AEEARABJAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	939	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=326ffec5-3d90-47da-be6b-d236dde96a2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=291f6289-eb13-4d5a-ae49-368982ecc211 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	938	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=636bf327-714f-4761-b84d-f3478c592f41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=07c3fddd-e7d0-4f34-a9a3-0a9fae92724b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	937	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=636bf327-714f-4761-b84d-f3478c592f41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	936	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=636bf327-714f-4761-b84d-f3478c592f41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	935	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=636bf327-714f-4761-b84d-f3478c592f41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	934	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=636bf327-714f-4761-b84d-f3478c592f41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	933	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=636bf327-714f-4761-b84d-f3478c592f41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	932	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=636bf327-714f-4761-b84d-f3478c592f41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	931	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=636bf327-714f-4761-b84d-f3478c592f41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	930	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=636bf327-714f-4761-b84d-f3478c592f41 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	929	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=326ffec5-3d90-47da-be6b-d236dde96a2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=291f6289-eb13-4d5a-ae49-368982ecc211 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	928	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=326ffec5-3d90-47da-be6b-d236dde96a2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	927	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=326ffec5-3d90-47da-be6b-d236dde96a2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	926	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=326ffec5-3d90-47da-be6b-d236dde96a2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	925	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=326ffec5-3d90-47da-be6b-d236dde96a2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	924	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=326ffec5-3d90-47da-be6b-d236dde96a2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	923	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=326ffec5-3d90-47da-be6b-d236dde96a2c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	922	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f7b91be-1a1d-4bf8-af62-46c3f99007fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=bb969e7d-acb7-49a7-a672-dadf7086586b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	921	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f7b91be-1a1d-4bf8-af62-46c3f99007fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=bb969e7d-acb7-49a7-a672-dadf7086586b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	920	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f7b91be-1a1d-4bf8-af62-46c3f99007fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	919	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f7b91be-1a1d-4bf8-af62-46c3f99007fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	918	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f7b91be-1a1d-4bf8-af62-46c3f99007fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	917	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f7b91be-1a1d-4bf8-af62-46c3f99007fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	916	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f7b91be-1a1d-4bf8-af62-46c3f99007fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	915	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8f7b91be-1a1d-4bf8-af62-46c3f99007fe HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQA0ADAAMwAuADkAMQAtADEANAAwADkAMgA4ADgAMQA5ADEAMwAxADIAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	914	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=05b1f466-ef54-4961-a88c-72a09536e98a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f1562ce3-4842-4abf-b679-ca238b034f16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	913	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee78e3a9-c333-435e-874b-475687a6c3bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=9120d5a9-0a38-4ab5-8f63-5defba4fb60a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	912	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee78e3a9-c333-435e-874b-475687a6c3bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	911	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee78e3a9-c333-435e-874b-475687a6c3bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	910	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee78e3a9-c333-435e-874b-475687a6c3bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	909	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee78e3a9-c333-435e-874b-475687a6c3bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	908	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee78e3a9-c333-435e-874b-475687a6c3bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	907	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee78e3a9-c333-435e-874b-475687a6c3bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	906	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee78e3a9-c333-435e-874b-475687a6c3bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	905	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ee78e3a9-c333-435e-874b-475687a6c3bd HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	904	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=05b1f466-ef54-4961-a88c-72a09536e98a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f1562ce3-4842-4abf-b679-ca238b034f16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	903	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=05b1f466-ef54-4961-a88c-72a09536e98a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	902	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=05b1f466-ef54-4961-a88c-72a09536e98a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	901	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=05b1f466-ef54-4961-a88c-72a09536e98a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	900	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=05b1f466-ef54-4961-a88c-72a09536e98a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	899	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=05b1f466-ef54-4961-a88c-72a09536e98a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	898	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=05b1f466-ef54-4961-a88c-72a09536e98a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	897	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=732a60fa-b7cf-4038-bbf5-3f52c17bd705 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABnAEEATwBBAEEAeABBAEQAawBBAE0AUQBBAHoAQQBEAEUAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=c2ca8ba5-15b0-4a28-9c7e-d9746886d1ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	896	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3ad743f3-1050-4dc8-a5e6-9c094814f069 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADQAMAAzAC4AOQAxAC0AMQA0ADAAOQAyADgAOAAxADkAMQAzADEAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=cb7fb2db-122e-4b9f-8b7a-0bfc07080cd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	895	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3ad743f3-1050-4dc8-a5e6-9c094814f069 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADQAMAAzAC4AOQAxAC0AMQA0ADAAOQAyADgAOAAxADkAMQAzADEAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=cb7fb2db-122e-4b9f-8b7a-0bfc07080cd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	894	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3ad743f3-1050-4dc8-a5e6-9c094814f069 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADQAMAAzAC4AOQAxAC0AMQA0ADAAOQAyADgAOAAxADkAMQAzADEAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	893	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3ad743f3-1050-4dc8-a5e6-9c094814f069 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADQAMAAzAC4AOQAxAC0AMQA0ADAAOQAyADgAOAAxADkAMQAzADEAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	892	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3ad743f3-1050-4dc8-a5e6-9c094814f069 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADQAMAAzAC4AOQAxAC0AMQA0ADAAOQAyADgAOAAxADkAMQAzADEAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	891	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3ad743f3-1050-4dc8-a5e6-9c094814f069 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADQAMAAzAC4AOQAxAC0AMQA0ADAAOQAyADgAOAAxADkAMQAzADEAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	890	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3ad743f3-1050-4dc8-a5e6-9c094814f069 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADQAMAAzAC4AOQAxAC0AMQA0ADAAOQAyADgAOAAxADkAMQAzADEAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	889	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3ad743f3-1050-4dc8-a5e6-9c094814f069 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADQAMAAzAC4AOQAxAC0AMQA0ADAAOQAyADgAOAAxADkAMQAzADEAMgAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	888	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=732a60fa-b7cf-4038-bbf5-3f52c17bd705 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABnAEEATwBBAEEAeABBAEQAawBBAE0AUQBBAHoAQQBEAEUAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=c2ca8ba5-15b0-4a28-9c7e-d9746886d1ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	887	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=732a60fa-b7cf-4038-bbf5-3f52c17bd705 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABnAEEATwBBAEEAeABBAEQAawBBAE0AUQBBAHoAQQBEAEUAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	886	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=732a60fa-b7cf-4038-bbf5-3f52c17bd705 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABnAEEATwBBAEEAeABBAEQAawBBAE0AUQBBAHoAQQBEAEUAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	885	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=732a60fa-b7cf-4038-bbf5-3f52c17bd705 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABnAEEATwBBAEEAeABBAEQAawBBAE0AUQBBAHoAQQBEAEUAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	884	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=732a60fa-b7cf-4038-bbf5-3f52c17bd705 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABnAEEATwBBAEEAeABBAEQAawBBAE0AUQBBAHoAQQBEAEUAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	883	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=732a60fa-b7cf-4038-bbf5-3f52c17bd705 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABnAEEATwBBAEEAeABBAEQAawBBAE0AUQBBAHoAQQBEAEUAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	882	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=732a60fa-b7cf-4038-bbf5-3f52c17bd705 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAFEAQQBNAEEAQQB6AEEAQwA0AEEATwBRAEEAeABBAEMAMABBAE0AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABnAEEATwBBAEEAeABBAEQAawBBAE0AUQBBAHoAQQBEAEUAQQBNAGcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	881	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5db5b0d-11fd-4e63-9603-b46900843ad4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATwBRAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEUAQQBPAFEAQQA1AEEARABRAEEATwBBAEEAMQBBAEQATQBBAE4AdwBBADIAQQBEAEEAQQBOAFEAQQAzAEEARABJAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=28ccabbf-3783-4b61-ad54-620a17062100 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	880	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fa1428-084e-4862-a093-dc7ab6c58872 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=33ca1fd5-109a-46d4-8316-476f4fae5af5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	879	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fa1428-084e-4862-a093-dc7ab6c58872 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=33ca1fd5-109a-46d4-8316-476f4fae5af5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	878	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fa1428-084e-4862-a093-dc7ab6c58872 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	877	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fa1428-084e-4862-a093-dc7ab6c58872 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	876	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fa1428-084e-4862-a093-dc7ab6c58872 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	875	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fa1428-084e-4862-a093-dc7ab6c58872 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	874	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fa1428-084e-4862-a093-dc7ab6c58872 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	873	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69fa1428-084e-4862-a093-dc7ab6c58872 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	872	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5db5b0d-11fd-4e63-9603-b46900843ad4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATwBRAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEUAQQBPAFEAQQA1AEEARABRAEEATwBBAEEAMQBBAEQATQBBAE4AdwBBADIAQQBEAEEAQQBOAFEAQQAzAEEARABJAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=28ccabbf-3783-4b61-ad54-620a17062100 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	871	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5db5b0d-11fd-4e63-9603-b46900843ad4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATwBRAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEUAQQBPAFEAQQA1AEEARABRAEEATwBBAEEAMQBBAEQATQBBAE4AdwBBADIAQQBEAEEAQQBOAFEAQQAzAEEARABJAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	870	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5db5b0d-11fd-4e63-9603-b46900843ad4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATwBRAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEUAQQBPAFEAQQA1AEEARABRAEEATwBBAEEAMQBBAEQATQBBAE4AdwBBADIAQQBEAEEAQQBOAFEAQQAzAEEARABJAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	869	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5db5b0d-11fd-4e63-9603-b46900843ad4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATwBRAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEUAQQBPAFEAQQA1AEEARABRAEEATwBBAEEAMQBBAEQATQBBAE4AdwBBADIAQQBEAEEAQQBOAFEAQQAzAEEARABJAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	868	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5db5b0d-11fd-4e63-9603-b46900843ad4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATwBRAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEUAQQBPAFEAQQA1AEEARABRAEEATwBBAEEAMQBBAEQATQBBAE4AdwBBADIAQQBEAEEAQQBOAFEAQQAzAEEARABJAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	867	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5db5b0d-11fd-4e63-9603-b46900843ad4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATwBRAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEUAQQBPAFEAQQA1AEEARABRAEEATwBBAEEAMQBBAEQATQBBAE4AdwBBADIAQQBEAEEAQQBOAFEAQQAzAEEARABJAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	866	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a5db5b0d-11fd-4e63-9603-b46900843ad4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATwBRAEEAdQBBAEQAVQBBAE0AUQBBAHQAQQBEAEUAQQBPAFEAQQA1AEEARABRAEEATwBBAEEAMQBBAEQATQBBAE4AdwBBADIAQQBEAEEAQQBOAFEAQQAzAEEARABJAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	865	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06f621be-58d6-47cd-94d4-ad0a0bf41b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3465a960-0b2e-49cf-b5f9-1c72432253e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	864	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f713fa4-8775-4765-bb60-c8b62bffbeb6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c72fc108-c456-451d-a36c-bc9e16dd3b53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	863	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f713fa4-8775-4765-bb60-c8b62bffbeb6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	862	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f713fa4-8775-4765-bb60-c8b62bffbeb6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	861	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f713fa4-8775-4765-bb60-c8b62bffbeb6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	860	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f713fa4-8775-4765-bb60-c8b62bffbeb6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	859	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f713fa4-8775-4765-bb60-c8b62bffbeb6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	858	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f713fa4-8775-4765-bb60-c8b62bffbeb6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	857	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f713fa4-8775-4765-bb60-c8b62bffbeb6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	856	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5f713fa4-8775-4765-bb60-c8b62bffbeb6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	855	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06f621be-58d6-47cd-94d4-ad0a0bf41b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3465a960-0b2e-49cf-b5f9-1c72432253e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	854	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06f621be-58d6-47cd-94d4-ad0a0bf41b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	853	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06f621be-58d6-47cd-94d4-ad0a0bf41b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	852	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06f621be-58d6-47cd-94d4-ad0a0bf41b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	851	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06f621be-58d6-47cd-94d4-ad0a0bf41b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	850	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06f621be-58d6-47cd-94d4-ad0a0bf41b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	849	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=06f621be-58d6-47cd-94d4-ad0a0bf41b96 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	848	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bcd64776-0495-45d4-8691-6e40cfc6f947 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=80355515-b406-4593-87b6-8cdc809512b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	847	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bcd64776-0495-45d4-8691-6e40cfc6f947 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=80355515-b406-4593-87b6-8cdc809512b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	846	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bcd64776-0495-45d4-8691-6e40cfc6f947 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	845	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bcd64776-0495-45d4-8691-6e40cfc6f947 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	844	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bcd64776-0495-45d4-8691-6e40cfc6f947 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	843	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bcd64776-0495-45d4-8691-6e40cfc6f947 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	842	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bcd64776-0495-45d4-8691-6e40cfc6f947 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	841	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bcd64776-0495-45d4-8691-6e40cfc6f947 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAOQAuADUAMQAtADEAOQA5ADQAOAA1ADMANwA2ADAANQA3ADIANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	840	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=178363a4-319d-49aa-9c3a-0da4e8dca995 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3909b5f3-660b-4c57-b7c0-55cecaa49064 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	839	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2f2d0012-1dd9-4eb9-b1ed-d6a845cb0614 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=df4e498f-43de-4572-871f-697ff1fa2bb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	838	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2f2d0012-1dd9-4eb9-b1ed-d6a845cb0614 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	837	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2f2d0012-1dd9-4eb9-b1ed-d6a845cb0614 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	836	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2f2d0012-1dd9-4eb9-b1ed-d6a845cb0614 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	835	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2f2d0012-1dd9-4eb9-b1ed-d6a845cb0614 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	834	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2f2d0012-1dd9-4eb9-b1ed-d6a845cb0614 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	833	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2f2d0012-1dd9-4eb9-b1ed-d6a845cb0614 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	832	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2f2d0012-1dd9-4eb9-b1ed-d6a845cb0614 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	831	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=2f2d0012-1dd9-4eb9-b1ed-d6a845cb0614 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	830	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=178363a4-319d-49aa-9c3a-0da4e8dca995 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3909b5f3-660b-4c57-b7c0-55cecaa49064 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	829	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=178363a4-319d-49aa-9c3a-0da4e8dca995 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	828	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=178363a4-319d-49aa-9c3a-0da4e8dca995 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	827	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=178363a4-319d-49aa-9c3a-0da4e8dca995 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	826	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=178363a4-319d-49aa-9c3a-0da4e8dca995 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	825	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=178363a4-319d-49aa-9c3a-0da4e8dca995 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	824	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=178363a4-319d-49aa-9c3a-0da4e8dca995 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	823	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42fe1758-3f67-4c55-9e0a-2719c70c8b8b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQA1AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AUQBBADUAQQBEAGsAQQBOAEEAQQA0AEEARABVAEEATQB3AEEAMwBBAEQAWQBBAE0AQQBBADEAQQBEAGMAQQBNAGcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=6b993900-2765-4190-b373-9ce44f433e7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	822	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0d27901-f520-4273-9d21-7650205226aa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA5AC4ANQAxAC0AMQA5ADkANAA4ADUAMwA3ADYAMAA1ADcAMgA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=45f7020f-7e94-45a8-b6ab-c59a866c9ea2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	821	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0d27901-f520-4273-9d21-7650205226aa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA5AC4ANQAxAC0AMQA5ADkANAA4ADUAMwA3ADYAMAA1ADcAMgA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=45f7020f-7e94-45a8-b6ab-c59a866c9ea2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	820	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0d27901-f520-4273-9d21-7650205226aa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA5AC4ANQAxAC0AMQA5ADkANAA4ADUAMwA3ADYAMAA1ADcAMgA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	819	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0d27901-f520-4273-9d21-7650205226aa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA5AC4ANQAxAC0AMQA5ADkANAA4ADUAMwA3ADYAMAA1ADcAMgA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	818	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0d27901-f520-4273-9d21-7650205226aa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA5AC4ANQAxAC0AMQA5ADkANAA4ADUAMwA3ADYAMAA1ADcAMgA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	817	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0d27901-f520-4273-9d21-7650205226aa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA5AC4ANQAxAC0AMQA5ADkANAA4ADUAMwA3ADYAMAA1ADcAMgA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	816	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0d27901-f520-4273-9d21-7650205226aa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA5AC4ANQAxAC0AMQA5ADkANAA4ADUAMwA3ADYAMAA1ADcAMgA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	815	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0d27901-f520-4273-9d21-7650205226aa HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA5AC4ANQAxAC0AMQA5ADkANAA4ADUAMwA3ADYAMAA1ADcAMgA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	814	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42fe1758-3f67-4c55-9e0a-2719c70c8b8b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQA1AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AUQBBADUAQQBEAGsAQQBOAEEAQQA0AEEARABVAEEATQB3AEEAMwBBAEQAWQBBAE0AQQBBADEAQQBEAGMAQQBNAGcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=6b993900-2765-4190-b373-9ce44f433e7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	813	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42fe1758-3f67-4c55-9e0a-2719c70c8b8b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQA1AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AUQBBADUAQQBEAGsAQQBOAEEAQQA0AEEARABVAEEATQB3AEEAMwBBAEQAWQBBAE0AQQBBADEAQQBEAGMAQQBNAGcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	812	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42fe1758-3f67-4c55-9e0a-2719c70c8b8b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQA1AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AUQBBADUAQQBEAGsAQQBOAEEAQQA0AEEARABVAEEATQB3AEEAMwBBAEQAWQBBAE0AQQBBADEAQQBEAGMAQQBNAGcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	811	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42fe1758-3f67-4c55-9e0a-2719c70c8b8b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQA1AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AUQBBADUAQQBEAGsAQQBOAEEAQQA0AEEARABVAEEATQB3AEEAMwBBAEQAWQBBAE0AQQBBADEAQQBEAGMAQQBNAGcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	810	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42fe1758-3f67-4c55-9e0a-2719c70c8b8b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQA1AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AUQBBADUAQQBEAGsAQQBOAEEAQQA0AEEARABVAEEATQB3AEEAMwBBAEQAWQBBAE0AQQBBADEAQQBEAGMAQQBNAGcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	809	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42fe1758-3f67-4c55-9e0a-2719c70c8b8b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQA1AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AUQBBADUAQQBEAGsAQQBOAEEAQQA0AEEARABVAEEATQB3AEEAMwBBAEQAWQBBAE0AQQBBADEAQQBEAGMAQQBNAGcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	808	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=42fe1758-3f67-4c55-9e0a-2719c70c8b8b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQA1AEEAQwA0AEEATgBRAEEAeABBAEMAMABBAE0AUQBBADUAQQBEAGsAQQBOAEEAQQA0AEEARABVAEEATQB3AEEAMwBBAEQAWQBBAE0AQQBBADEAQQBEAGMAQQBNAGcAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	807	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2fb8e84b-b140-4666-8f61-cfaa01c6d5b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATgBRAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAGsAQQBOAGcAQQAyAEEARABRAEEATgBBAEEAeQBBAEQAVQBBAE0AQQBBAHkAQQBEAEEAQQBNAGcAQQA0AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=e3c0f121-9ccf-4959-b788-065fedaa3dc4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	806	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01a32353-ebbe-42ed-b1d3-863a2b978924 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=e361419f-ba76-4817-bd78-feba77296ef9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	805	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01a32353-ebbe-42ed-b1d3-863a2b978924 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=e361419f-ba76-4817-bd78-feba77296ef9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	804	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01a32353-ebbe-42ed-b1d3-863a2b978924 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	803	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01a32353-ebbe-42ed-b1d3-863a2b978924 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	802	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01a32353-ebbe-42ed-b1d3-863a2b978924 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	801	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01a32353-ebbe-42ed-b1d3-863a2b978924 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	800	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01a32353-ebbe-42ed-b1d3-863a2b978924 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	799	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=01a32353-ebbe-42ed-b1d3-863a2b978924 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	798	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2fb8e84b-b140-4666-8f61-cfaa01c6d5b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATgBRAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAGsAQQBOAGcAQQAyAEEARABRAEEATgBBAEEAeQBBAEQAVQBBAE0AQQBBAHkAQQBEAEEAQQBNAGcAQQA0AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=e3c0f121-9ccf-4959-b788-065fedaa3dc4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	797	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2fb8e84b-b140-4666-8f61-cfaa01c6d5b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATgBRAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAGsAQQBOAGcAQQAyAEEARABRAEEATgBBAEEAeQBBAEQAVQBBAE0AQQBBAHkAQQBEAEEAQQBNAGcAQQA0AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	796	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2fb8e84b-b140-4666-8f61-cfaa01c6d5b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATgBRAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAGsAQQBOAGcAQQAyAEEARABRAEEATgBBAEEAeQBBAEQAVQBBAE0AQQBBAHkAQQBEAEEAQQBNAGcAQQA0AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	795	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2fb8e84b-b140-4666-8f61-cfaa01c6d5b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATgBRAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAGsAQQBOAGcAQQAyAEEARABRAEEATgBBAEEAeQBBAEQAVQBBAE0AQQBBAHkAQQBEAEEAQQBNAGcAQQA0AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	794	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2fb8e84b-b140-4666-8f61-cfaa01c6d5b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATgBRAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAGsAQQBOAGcAQQAyAEEARABRAEEATgBBAEEAeQBBAEQAVQBBAE0AQQBBAHkAQQBEAEEAQQBNAGcAQQA0AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	793	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2fb8e84b-b140-4666-8f61-cfaa01c6d5b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATgBRAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAGsAQQBOAGcAQQAyAEEARABRAEEATgBBAEEAeQBBAEQAVQBBAE0AQQBBAHkAQQBEAEEAQQBNAGcAQQA0AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	792	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=2fb8e84b-b140-4666-8f61-cfaa01c6d5b8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATgBRAEEAdQBBAEQAUQBBAE0AUQBBAHQAQQBEAGsAQQBOAGcAQQAyAEEARABRAEEATgBBAEEAeQBBAEQAVQBBAE0AQQBBAHkAQQBEAEEAQQBNAGcAQQA0AEEARABnAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	791	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1619aaec-a25b-468b-86bc-b1d96e11bd36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=affefad8-68b6-4c5b-a914-3efeda4e6917 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	790	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=576afd02-2efb-427b-b291-2907a607f262 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3462ec20-0168-47b6-97b3-97825bc2983e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	789	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=576afd02-2efb-427b-b291-2907a607f262 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	788	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=576afd02-2efb-427b-b291-2907a607f262 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	787	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=576afd02-2efb-427b-b291-2907a607f262 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	786	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=576afd02-2efb-427b-b291-2907a607f262 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	785	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=576afd02-2efb-427b-b291-2907a607f262 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	784	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=576afd02-2efb-427b-b291-2907a607f262 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	783	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=576afd02-2efb-427b-b291-2907a607f262 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	782	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=576afd02-2efb-427b-b291-2907a607f262 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	781	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:38 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1619aaec-a25b-468b-86bc-b1d96e11bd36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=affefad8-68b6-4c5b-a914-3efeda4e6917 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	780	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1619aaec-a25b-468b-86bc-b1d96e11bd36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	779	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1619aaec-a25b-468b-86bc-b1d96e11bd36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	778	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1619aaec-a25b-468b-86bc-b1d96e11bd36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	777	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1619aaec-a25b-468b-86bc-b1d96e11bd36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	776	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1619aaec-a25b-468b-86bc-b1d96e11bd36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	775	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1619aaec-a25b-468b-86bc-b1d96e11bd36 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	774	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1c747c97-cc2a-41dd-b60e-be4049d3eb8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=e460bd33-ea6f-41f8-8759-f630ef0c3e1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	773	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1c747c97-cc2a-41dd-b60e-be4049d3eb8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=e460bd33-ea6f-41f8-8759-f630ef0c3e1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	772	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1c747c97-cc2a-41dd-b60e-be4049d3eb8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	771	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1c747c97-cc2a-41dd-b60e-be4049d3eb8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	770	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1c747c97-cc2a-41dd-b60e-be4049d3eb8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	769	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1c747c97-cc2a-41dd-b60e-be4049d3eb8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	768	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1c747c97-cc2a-41dd-b60e-be4049d3eb8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	767	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1c747c97-cc2a-41dd-b60e-be4049d3eb8c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkANQAuADQAMQAtADkANgA2ADQANAAyADUAMAAyADAAMgA4ADgANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	766	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4525c0a-d2ae-40a2-bc6c-a1a12b45997b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e909cd42-9485-412e-9f78-d3b705798128 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	765	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4f05e459-e53f-4300-8ec9-11ac5a3dd78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e871b3d0-5209-4567-a857-568456057131 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	764	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4f05e459-e53f-4300-8ec9-11ac5a3dd78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	763	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4f05e459-e53f-4300-8ec9-11ac5a3dd78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	762	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4f05e459-e53f-4300-8ec9-11ac5a3dd78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	761	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4f05e459-e53f-4300-8ec9-11ac5a3dd78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	760	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4f05e459-e53f-4300-8ec9-11ac5a3dd78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	759	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4f05e459-e53f-4300-8ec9-11ac5a3dd78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	758	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4f05e459-e53f-4300-8ec9-11ac5a3dd78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	757	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4f05e459-e53f-4300-8ec9-11ac5a3dd78a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	756	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4525c0a-d2ae-40a2-bc6c-a1a12b45997b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e909cd42-9485-412e-9f78-d3b705798128 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	755	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4525c0a-d2ae-40a2-bc6c-a1a12b45997b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	754	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4525c0a-d2ae-40a2-bc6c-a1a12b45997b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	753	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4525c0a-d2ae-40a2-bc6c-a1a12b45997b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	752	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4525c0a-d2ae-40a2-bc6c-a1a12b45997b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	751	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4525c0a-d2ae-40a2-bc6c-a1a12b45997b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	750	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d4525c0a-d2ae-40a2-bc6c-a1a12b45997b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	749	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea368344-b4f2-4a64-becb-cdd96d4d89f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQAxAEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE8AUQBBADIAQQBEAFkAQQBOAEEAQQAwAEEARABJAEEATgBRAEEAdwBBAEQASQBBAE0AQQBBAHkAQQBEAGcAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=f860452d-072f-4c46-9d98-72241db3876a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	748	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=91c73070-b551-478e-a8bc-ac06aaa74780 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA1AC4ANAAxAC0AOQA2ADYANAA0ADIANQAwADIAMAAyADgAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=25753183-2eae-4a93-8a7c-6586fc9e1e77 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	747	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=91c73070-b551-478e-a8bc-ac06aaa74780 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA1AC4ANAAxAC0AOQA2ADYANAA0ADIANQAwADIAMAAyADgAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=25753183-2eae-4a93-8a7c-6586fc9e1e77 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	746	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=91c73070-b551-478e-a8bc-ac06aaa74780 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA1AC4ANAAxAC0AOQA2ADYANAA0ADIANQAwADIAMAAyADgAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	745	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=91c73070-b551-478e-a8bc-ac06aaa74780 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA1AC4ANAAxAC0AOQA2ADYANAA0ADIANQAwADIAMAAyADgAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	744	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=91c73070-b551-478e-a8bc-ac06aaa74780 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA1AC4ANAAxAC0AOQA2ADYANAA0ADIANQAwADIAMAAyADgAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	743	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=91c73070-b551-478e-a8bc-ac06aaa74780 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA1AC4ANAAxAC0AOQA2ADYANAA0ADIANQAwADIAMAAyADgAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	742	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=91c73070-b551-478e-a8bc-ac06aaa74780 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA1AC4ANAAxAC0AOQA2ADYANAA0ADIANQAwADIAMAAyADgAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	741	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=91c73070-b551-478e-a8bc-ac06aaa74780 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQA1AC4ANAAxAC0AOQA2ADYANAA0ADIANQAwADIAMAAyADgAOAA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	740	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea368344-b4f2-4a64-becb-cdd96d4d89f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQAxAEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE8AUQBBADIAQQBEAFkAQQBOAEEAQQAwAEEARABJAEEATgBRAEEAdwBBAEQASQBBAE0AQQBBAHkAQQBEAGcAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=f860452d-072f-4c46-9d98-72241db3876a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	739	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea368344-b4f2-4a64-becb-cdd96d4d89f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQAxAEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE8AUQBBADIAQQBEAFkAQQBOAEEAQQAwAEEARABJAEEATgBRAEEAdwBBAEQASQBBAE0AQQBBAHkAQQBEAGcAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	738	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea368344-b4f2-4a64-becb-cdd96d4d89f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQAxAEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE8AUQBBADIAQQBEAFkAQQBOAEEAQQAwAEEARABJAEEATgBRAEEAdwBBAEQASQBBAE0AQQBBAHkAQQBEAGcAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	737	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea368344-b4f2-4a64-becb-cdd96d4d89f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQAxAEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE8AUQBBADIAQQBEAFkAQQBOAEEAQQAwAEEARABJAEEATgBRAEEAdwBBAEQASQBBAE0AQQBBAHkAQQBEAGcAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	736	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea368344-b4f2-4a64-becb-cdd96d4d89f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQAxAEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE8AUQBBADIAQQBEAFkAQQBOAEEAQQAwAEEARABJAEEATgBRAEEAdwBBAEQASQBBAE0AQQBBAHkAQQBEAGcAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	735	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea368344-b4f2-4a64-becb-cdd96d4d89f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQAxAEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE8AUQBBADIAQQBEAFkAQQBOAEEAQQAwAEEARABJAEEATgBRAEEAdwBBAEQASQBBAE0AQQBBAHkAQQBEAGcAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	734	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea368344-b4f2-4a64-becb-cdd96d4d89f4 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQAxAEEAQwA0AEEATgBBAEEAeABBAEMAMABBAE8AUQBBADIAQQBEAFkAQQBOAEEAQQAwAEEARABJAEEATgBRAEEAdwBBAEQASQBBAE0AQQBBAHkAQQBEAGcAQQBPAEEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	733	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82c2dabd-c1d3-4028-99f6-0fcde346ad02 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAGsAQQBNAGcAQQB5AEEARABVAEEATgBnAEEAMwBBAEQARQBBAE0AQQBBAHkAQQBEAGMAQQBNAHcAQQB5AEEARABnAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=cc7077d0-f94a-40e0-a612-8bdb28c9fe96 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	732	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18573c9e-4a0f-4af5-b8bc-62433e6c83c7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=9567be5d-2e00-461b-b0eb-caea825dbb06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	731	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18573c9e-4a0f-4af5-b8bc-62433e6c83c7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=9567be5d-2e00-461b-b0eb-caea825dbb06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	730	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18573c9e-4a0f-4af5-b8bc-62433e6c83c7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	729	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18573c9e-4a0f-4af5-b8bc-62433e6c83c7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	728	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18573c9e-4a0f-4af5-b8bc-62433e6c83c7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	727	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18573c9e-4a0f-4af5-b8bc-62433e6c83c7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	726	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18573c9e-4a0f-4af5-b8bc-62433e6c83c7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	725	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=18573c9e-4a0f-4af5-b8bc-62433e6c83c7 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	724	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82c2dabd-c1d3-4028-99f6-0fcde346ad02 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAGsAQQBNAGcAQQB5AEEARABVAEEATgBnAEEAMwBBAEQARQBBAE0AQQBBAHkAQQBEAGMAQQBNAHcAQQB5AEEARABnAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion=5.1.14393.1944 RunspaceId=cc7077d0-f94a-40e0-a612-8bdb28c9fe96 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	723	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82c2dabd-c1d3-4028-99f6-0fcde346ad02 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAGsAQQBNAGcAQQB5AEEARABVAEEATgBnAEEAMwBBAEQARQBBAE0AQQBBAHkAQQBEAGMAQQBNAHcAQQB5AEEARABnAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	722	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82c2dabd-c1d3-4028-99f6-0fcde346ad02 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAGsAQQBNAGcAQQB5AEEARABVAEEATgBnAEEAMwBBAEQARQBBAE0AQQBBAHkAQQBEAGMAQQBNAHcAQQB5AEEARABnAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	721	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82c2dabd-c1d3-4028-99f6-0fcde346ad02 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAGsAQQBNAGcAQQB5AEEARABVAEEATgBnAEEAMwBBAEQARQBBAE0AQQBBAHkAQQBEAGMAQQBNAHcAQQB5AEEARABnAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	720	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82c2dabd-c1d3-4028-99f6-0fcde346ad02 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAGsAQQBNAGcAQQB5AEEARABVAEEATgBnAEEAMwBBAEQARQBBAE0AQQBBAHkAQQBEAGMAQQBNAHcAQQB5AEEARABnAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	719	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82c2dabd-c1d3-4028-99f6-0fcde346ad02 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAGsAQQBNAGcAQQB5AEEARABVAEEATgBnAEEAMwBBAEQARQBBAE0AQQBBAHkAQQBEAGMAQQBNAHcAQQB5AEEARABnAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	718	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=82c2dabd-c1d3-4028-99f6-0fcde346ad02 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAGsAQQBNAGcAQQB5AEEARABVAEEATgBnAEEAMwBBAEQARQBBAE0AQQBBAHkAQQBEAGMAQQBNAHcAQQB5AEEARABnAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	717	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=465c1d99-024c-4efc-8322-dd6a129f5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=632f65cf-d9ae-40aa-b3c6-8d51a90de76b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	716	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d9abbd77-31f1-451a-ad9a-8985335c8fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f23635f3-cbd0-4df7-81c7-a4c675f263c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	715	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d9abbd77-31f1-451a-ad9a-8985335c8fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	714	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d9abbd77-31f1-451a-ad9a-8985335c8fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	713	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d9abbd77-31f1-451a-ad9a-8985335c8fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	712	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d9abbd77-31f1-451a-ad9a-8985335c8fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	711	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d9abbd77-31f1-451a-ad9a-8985335c8fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	710	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d9abbd77-31f1-451a-ad9a-8985335c8fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	709	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d9abbd77-31f1-451a-ad9a-8985335c8fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	708	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d9abbd77-31f1-451a-ad9a-8985335c8fbb HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	707	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:34 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=465c1d99-024c-4efc-8322-dd6a129f5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=632f65cf-d9ae-40aa-b3c6-8d51a90de76b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	706	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=465c1d99-024c-4efc-8322-dd6a129f5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	705	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=465c1d99-024c-4efc-8322-dd6a129f5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	704	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=465c1d99-024c-4efc-8322-dd6a129f5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	703	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=465c1d99-024c-4efc-8322-dd6a129f5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	702	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=465c1d99-024c-4efc-8322-dd6a129f5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	701	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=465c1d99-024c-4efc-8322-dd6a129f5309 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	700	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e0d5e06-c3fb-4dcd-8f5d-bc6204e1de94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=09e3d3c8-06a7-4ae0-8c12-01c958ca88aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	699	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e0d5e06-c3fb-4dcd-8f5d-bc6204e1de94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion=5.1.14393.1944 RunspaceId=09e3d3c8-06a7-4ae0-8c12-01c958ca88aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	698	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e0d5e06-c3fb-4dcd-8f5d-bc6204e1de94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	697	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e0d5e06-c3fb-4dcd-8f5d-bc6204e1de94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	696	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e0d5e06-c3fb-4dcd-8f5d-bc6204e1de94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	695	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e0d5e06-c3fb-4dcd-8f5d-bc6204e1de94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	694	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e0d5e06-c3fb-4dcd-8f5d-bc6204e1de94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	693	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=6e0d5e06-c3fb-4dcd-8f5d-bc6204e1de94 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADkAMQAuADIAOQAtADkAMgAyADUANgA3ADEAMAAyADcAMwAyADgAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	692	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=76887759-5d18-47bf-8740-07d77812bd23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1c24cc0f-5a19-4538-9920-96eba6042b05 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	691	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:33 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9d4ca9e-f692-40e5-b39e-0ce75a0badc6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=439ee289-d38c-4e7b-ac0c-3f96093a31ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	690	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9d4ca9e-f692-40e5-b39e-0ce75a0badc6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	689	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9d4ca9e-f692-40e5-b39e-0ce75a0badc6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	688	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9d4ca9e-f692-40e5-b39e-0ce75a0badc6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	687	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9d4ca9e-f692-40e5-b39e-0ce75a0badc6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	686	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9d4ca9e-f692-40e5-b39e-0ce75a0badc6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	685	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9d4ca9e-f692-40e5-b39e-0ce75a0badc6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	684	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9d4ca9e-f692-40e5-b39e-0ce75a0badc6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	683	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=e9d4ca9e-f692-40e5-b39e-0ce75a0badc6 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	682	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=76887759-5d18-47bf-8740-07d77812bd23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1c24cc0f-5a19-4538-9920-96eba6042b05 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	681	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=76887759-5d18-47bf-8740-07d77812bd23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	680	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=76887759-5d18-47bf-8740-07d77812bd23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	679	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=76887759-5d18-47bf-8740-07d77812bd23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	678	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=76887759-5d18-47bf-8740-07d77812bd23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	677	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=76887759-5d18-47bf-8740-07d77812bd23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	676	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=76887759-5d18-47bf-8740-07d77812bd23 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	675	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:32 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51ff2b1c-0d15-42bd-bd9f-34e167d297ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE8AUQBBAHkAQQBEAEkAQQBOAFEAQQAyAEEARABjAEEATQBRAEEAdwBBAEQASQBBAE4AdwBBAHoAQQBEAEkAQQBPAEEAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=ca2810bd-5b86-4d2d-94a4-88467648e6f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	674	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=19d673a7-9dfd-4d10-8699-7a03fad4eb41 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQAxAC4AMgA5AC0AOQAyADIANQA2ADcAMQAwADIANwAzADIAOAA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=675d0e38-5941-4274-a39d-66b382436345 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	673	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=19d673a7-9dfd-4d10-8699-7a03fad4eb41 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQAxAC4AMgA5AC0AOQAyADIANQA2ADcAMQAwADIANwAzADIAOAA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion=5.1.14393.1944 RunspaceId=675d0e38-5941-4274-a39d-66b382436345 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	672	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=19d673a7-9dfd-4d10-8699-7a03fad4eb41 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQAxAC4AMgA5AC0AOQAyADIANQA2ADcAMQAwADIANwAzADIAOAA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	671	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=19d673a7-9dfd-4d10-8699-7a03fad4eb41 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQAxAC4AMgA5AC0AOQAyADIANQA2ADcAMQAwADIANwAzADIAOAA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	670	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=19d673a7-9dfd-4d10-8699-7a03fad4eb41 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQAxAC4AMgA5AC0AOQAyADIANQA2ADcAMQAwADIANwAzADIAOAA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	669	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=19d673a7-9dfd-4d10-8699-7a03fad4eb41 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQAxAC4AMgA5AC0AOQAyADIANQA2ADcAMQAwADIANwAzADIAOAA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	668	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=19d673a7-9dfd-4d10-8699-7a03fad4eb41 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQAxAC4AMgA5AC0AOQAyADIANQA2ADcAMQAwADIANwAzADIAOAA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	667	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=19d673a7-9dfd-4d10-8699-7a03fad4eb41 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOQAxAC4AMgA5AC0AOQAyADIANQA2ADcAMQAwADIANwAzADIAOAA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	666	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51ff2b1c-0d15-42bd-bd9f-34e167d297ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE8AUQBBAHkAQQBEAEkAQQBOAFEAQQAyAEEARABjAEEATQBRAEEAdwBBAEQASQBBAE4AdwBBAHoAQQBEAEkAQQBPAEEAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion=5.1.14393.1944 RunspaceId=ca2810bd-5b86-4d2d-94a4-88467648e6f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	665	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51ff2b1c-0d15-42bd-bd9f-34e167d297ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE8AUQBBAHkAQQBEAEkAQQBOAFEAQQAyAEEARABjAEEATQBRAEEAdwBBAEQASQBBAE4AdwBBAHoAQQBEAEkAQQBPAEEAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	664	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51ff2b1c-0d15-42bd-bd9f-34e167d297ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE8AUQBBAHkAQQBEAEkAQQBOAFEAQQAyAEEARABjAEEATQBRAEEAdwBBAEQASQBBAE4AdwBBAHoAQQBEAEkAQQBPAEEAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	663	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51ff2b1c-0d15-42bd-bd9f-34e167d297ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE8AUQBBAHkAQQBEAEkAQQBOAFEAQQAyAEEARABjAEEATQBRAEEAdwBBAEQASQBBAE4AdwBBAHoAQQBEAEkAQQBPAEEAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	662	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51ff2b1c-0d15-42bd-bd9f-34e167d297ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE8AUQBBAHkAQQBEAEkAQQBOAFEAQQAyAEEARABjAEEATQBRAEEAdwBBAEQASQBBAE4AdwBBAHoAQQBEAEkAQQBPAEEAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	661	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51ff2b1c-0d15-42bd-bd9f-34e167d297ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE8AUQBBAHkAQQBEAEkAQQBOAFEAQQAyAEEARABjAEEATQBRAEEAdwBBAEQASQBBAE4AdwBBAHoAQQBEAEkAQQBPAEEAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	660	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=51ff2b1c-0d15-42bd-bd9f-34e167d297ed HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAFEAQQB4AEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE8AUQBBAHkAQQBEAEkAQQBOAFEAQQAyAEEARABjAEEATQBRAEEAdwBBAEQASQBBAE4AdwBBAHoAQQBEAEkAQQBPAEEAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	659	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0ea6725-aa6a-4080-8842-6181ec926b57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABnAEEATgB3AEEAdQBBAEQAQQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATQBRAEEAMwBBAEQAZwBBAE4AUQBBADQAQQBEAE0AQQBPAEEAQQAzAEEARABjAEEATwBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=a110c8f9-8131-4234-b313-b6e887e52b0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	658	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a49185d0-6507-4b91-aaa1-eef60dec5c38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=573959b7-142c-4808-bab9-57394c830a07 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	657	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a49185d0-6507-4b91-aaa1-eef60dec5c38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=573959b7-142c-4808-bab9-57394c830a07 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	656	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a49185d0-6507-4b91-aaa1-eef60dec5c38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	655	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a49185d0-6507-4b91-aaa1-eef60dec5c38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	654	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a49185d0-6507-4b91-aaa1-eef60dec5c38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	653	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a49185d0-6507-4b91-aaa1-eef60dec5c38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	652	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a49185d0-6507-4b91-aaa1-eef60dec5c38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	651	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a49185d0-6507-4b91-aaa1-eef60dec5c38 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	650	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0ea6725-aa6a-4080-8842-6181ec926b57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABnAEEATgB3AEEAdQBBAEQAQQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATQBRAEEAMwBBAEQAZwBBAE4AUQBBADQAQQBEAE0AQQBPAEEAQQAzAEEARABjAEEATwBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion=5.1.14393.1944 RunspaceId=a110c8f9-8131-4234-b313-b6e887e52b0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	649	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0ea6725-aa6a-4080-8842-6181ec926b57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABnAEEATgB3AEEAdQBBAEQAQQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATQBRAEEAMwBBAEQAZwBBAE4AUQBBADQAQQBEAE0AQQBPAEEAQQAzAEEARABjAEEATwBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	648	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0ea6725-aa6a-4080-8842-6181ec926b57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABnAEEATgB3AEEAdQBBAEQAQQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATQBRAEEAMwBBAEQAZwBBAE4AUQBBADQAQQBEAE0AQQBPAEEAQQAzAEEARABjAEEATwBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	647	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0ea6725-aa6a-4080-8842-6181ec926b57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABnAEEATgB3AEEAdQBBAEQAQQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATQBRAEEAMwBBAEQAZwBBAE4AUQBBADQAQQBEAE0AQQBPAEEAQQAzAEEARABjAEEATwBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	646	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0ea6725-aa6a-4080-8842-6181ec926b57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABnAEEATgB3AEEAdQBBAEQAQQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATQBRAEEAMwBBAEQAZwBBAE4AUQBBADQAQQBEAE0AQQBPAEEAQQAzAEEARABjAEEATwBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	645	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0ea6725-aa6a-4080-8842-6181ec926b57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABnAEEATgB3AEEAdQBBAEQAQQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATQBRAEEAMwBBAEQAZwBBAE4AUQBBADQAQQBEAE0AQQBPAEEAQQAzAEEARABjAEEATwBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	644	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c0ea6725-aa6a-4080-8842-6181ec926b57 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQATQBBAE0AUQBBADQAQQBEAEUAQQBNAFEAQQB6AEEARABnAEEATgB3AEEAdQBBAEQAQQBBAE4AQQBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATQBRAEEAMwBBAEQAZwBBAE4AUQBBADQAQQBEAE0AQQBPAEEAQQAzAEEARABjAEEATwBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	643	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69148e2c-0a76-4ed3-a6f9-65f5ce61bed3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3dcd153f-7c6d-480c-a66a-284293b533ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	642	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ff4cfa57-3328-4f9e-af57-78aef0755d2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=37dc02ec-d866-4819-b7c0-f49b85c60c1c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	641	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ff4cfa57-3328-4f9e-af57-78aef0755d2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	640	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ff4cfa57-3328-4f9e-af57-78aef0755d2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	639	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ff4cfa57-3328-4f9e-af57-78aef0755d2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	638	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ff4cfa57-3328-4f9e-af57-78aef0755d2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	637	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ff4cfa57-3328-4f9e-af57-78aef0755d2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	636	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ff4cfa57-3328-4f9e-af57-78aef0755d2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	635	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ff4cfa57-3328-4f9e-af57-78aef0755d2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	634	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ff4cfa57-3328-4f9e-af57-78aef0755d2d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	633	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69148e2c-0a76-4ed3-a6f9-65f5ce61bed3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3dcd153f-7c6d-480c-a66a-284293b533ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	632	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69148e2c-0a76-4ed3-a6f9-65f5ce61bed3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	631	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69148e2c-0a76-4ed3-a6f9-65f5ce61bed3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	630	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69148e2c-0a76-4ed3-a6f9-65f5ce61bed3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	629	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69148e2c-0a76-4ed3-a6f9-65f5ce61bed3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	628	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69148e2c-0a76-4ed3-a6f9-65f5ce61bed3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	627	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=69148e2c-0a76-4ed3-a6f9-65f5ce61bed3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	626	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=65db1930-d1a2-4c7e-9ab7-185fa7198dea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=d18b8a90-7121-414b-aca7-87ff0deef7a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	625	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=65db1930-d1a2-4c7e-9ab7-185fa7198dea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion=5.1.14393.1944 RunspaceId=d18b8a90-7121-414b-aca7-87ff0deef7a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	624	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=65db1930-d1a2-4c7e-9ab7-185fa7198dea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	623	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=65db1930-d1a2-4c7e-9ab7-185fa7198dea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	622	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=65db1930-d1a2-4c7e-9ab7-185fa7198dea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	621	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=65db1930-d1a2-4c7e-9ab7-185fa7198dea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	620	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=65db1930-d1a2-4c7e-9ab7-185fa7198dea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	619	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=65db1930-d1a2-4c7e-9ab7-185fa7198dea HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADMAMQA4ADEAMQAzADgANwAuADAANAAtADEAMAAxADAAMQA3ADgANQA4ADMAOAA3ADcAOAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	618	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5540386d-293a-40bd-9b91-77165be5c291 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=09ba879a-1fe9-467f-b31a-8f7d8ca429f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	617	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:29 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ed3cf6-fb5e-48a1-90ea-c5c3f2f9d864 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=07000ca5-9e56-4090-b82c-d53332863757 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	616	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ed3cf6-fb5e-48a1-90ea-c5c3f2f9d864 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	615	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ed3cf6-fb5e-48a1-90ea-c5c3f2f9d864 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	614	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ed3cf6-fb5e-48a1-90ea-c5c3f2f9d864 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	613	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ed3cf6-fb5e-48a1-90ea-c5c3f2f9d864 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	612	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ed3cf6-fb5e-48a1-90ea-c5c3f2f9d864 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	611	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ed3cf6-fb5e-48a1-90ea-c5c3f2f9d864 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	610	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ed3cf6-fb5e-48a1-90ea-c5c3f2f9d864 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	609	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=b6ed3cf6-fb5e-48a1-90ea-c5c3f2f9d864 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	608	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5540386d-293a-40bd-9b91-77165be5c291 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=09ba879a-1fe9-467f-b31a-8f7d8ca429f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	607	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5540386d-293a-40bd-9b91-77165be5c291 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	606	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5540386d-293a-40bd-9b91-77165be5c291 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	605	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5540386d-293a-40bd-9b91-77165be5c291 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	604	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5540386d-293a-40bd-9b91-77165be5c291 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	603	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5540386d-293a-40bd-9b91-77165be5c291 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	602	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=5540386d-293a-40bd-9b91-77165be5c291 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	601	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a64c0b60-742f-48a9-9c0b-6dc814edd119 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAEEAQQAzAEEAQwA0AEEATQBBAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQB4AEEARABjAEEATwBBAEEAMQBBAEQAZwBBAE0AdwBBADQAQQBEAGMAQQBOAHcAQQA0AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=43530ba1-de5c-4fbf-a522-04dc5ced3be3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	600	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba089693-b2ad-487d-a7d5-4c6eb51d2ed2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOAA3AC4AMAA0AC0AMQAwADEAMAAxADcAOAA1ADgAMwA4ADcANwA4ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=36716300-7728-4d24-8c45-d5140cc41828 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	599	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba089693-b2ad-487d-a7d5-4c6eb51d2ed2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOAA3AC4AMAA0AC0AMQAwADEAMAAxADcAOAA1ADgAMwA4ADcANwA4ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion=5.1.14393.1944 RunspaceId=36716300-7728-4d24-8c45-d5140cc41828 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	598	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba089693-b2ad-487d-a7d5-4c6eb51d2ed2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOAA3AC4AMAA0AC0AMQAwADEAMAAxADcAOAA1ADgAMwA4ADcANwA4ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	597	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba089693-b2ad-487d-a7d5-4c6eb51d2ed2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOAA3AC4AMAA0AC0AMQAwADEAMAAxADcAOAA1ADgAMwA4ADcANwA4ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	596	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba089693-b2ad-487d-a7d5-4c6eb51d2ed2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOAA3AC4AMAA0AC0AMQAwADEAMAAxADcAOAA1ADgAMwA4ADcANwA4ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	595	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba089693-b2ad-487d-a7d5-4c6eb51d2ed2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOAA3AC4AMAA0AC0AMQAwADEAMAAxADcAOAA1ADgAMwA4ADcANwA4ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	594	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba089693-b2ad-487d-a7d5-4c6eb51d2ed2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOAA3AC4AMAA0AC0AMQAwADEAMAAxADcAOAA1ADgAMwA4ADcANwA4ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	593	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ba089693-b2ad-487d-a7d5-4c6eb51d2ed2 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMwAxADgAMQAxADMAOAA3AC4AMAA0AC0AMQAwADEAMAAxADcAOAA1ADgAMwA4ADcANwA4ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	592	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a64c0b60-742f-48a9-9c0b-6dc814edd119 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAEEAQQAzAEEAQwA0AEEATQBBAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQB4AEEARABjAEEATwBBAEEAMQBBAEQAZwBBAE0AdwBBADQAQQBEAGMAQQBOAHcAQQA0AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion=5.1.14393.1944 RunspaceId=43530ba1-de5c-4fbf-a522-04dc5ced3be3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	591	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a64c0b60-742f-48a9-9c0b-6dc814edd119 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAEEAQQAzAEEAQwA0AEEATQBBAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQB4AEEARABjAEEATwBBAEEAMQBBAEQAZwBBAE0AdwBBADQAQQBEAGMAQQBOAHcAQQA0AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	590	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a64c0b60-742f-48a9-9c0b-6dc814edd119 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAEEAQQAzAEEAQwA0AEEATQBBAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQB4AEEARABjAEEATwBBAEEAMQBBAEQAZwBBAE0AdwBBADQAQQBEAGMAQQBOAHcAQQA0AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	589	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a64c0b60-742f-48a9-9c0b-6dc814edd119 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAEEAQQAzAEEAQwA0AEEATQBBAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQB4AEEARABjAEEATwBBAEEAMQBBAEQAZwBBAE0AdwBBADQAQQBEAGMAQQBOAHcAQQA0AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	588	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a64c0b60-742f-48a9-9c0b-6dc814edd119 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAEEAQQAzAEEAQwA0AEEATQBBAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQB4AEEARABjAEEATwBBAEEAMQBBAEQAZwBBAE0AdwBBADQAQQBEAGMAQQBOAHcAQQA0AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	587	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a64c0b60-742f-48a9-9c0b-6dc814edd119 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAEEAQQAzAEEAQwA0AEEATQBBAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQB4AEEARABjAEEATwBBAEEAMQBBAEQAZwBBAE0AdwBBADQAQQBEAGMAQQBOAHcAQQA0AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	586	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a64c0b60-742f-48a9-9c0b-6dc814edd119 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQB3AEEAeABBAEQAZwBBAE0AUQBBAHgAQQBEAE0AQQBPAEEAQQAzAEEAQwA0AEEATQBBAEEAMABBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQB4AEEARABjAEEATwBBAEEAMQBBAEQAZwBBAE0AdwBBADQAQQBEAGMAQQBOAHcAQQA0AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA= EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	585	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:27 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16fd0cae-3350-4ea0-af82-ec3696126483 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ce0af32e-892b-48f3-baa2-ebb1f9a88660 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	584	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc17d8ce-552e-4cce-9f3b-1c99b40f56a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6389e491-a070-45e5-9aa1-a2299428bcda PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	583	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc17d8ce-552e-4cce-9f3b-1c99b40f56a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	582	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc17d8ce-552e-4cce-9f3b-1c99b40f56a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	581	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc17d8ce-552e-4cce-9f3b-1c99b40f56a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	580	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc17d8ce-552e-4cce-9f3b-1c99b40f56a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	579	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc17d8ce-552e-4cce-9f3b-1c99b40f56a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	578	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc17d8ce-552e-4cce-9f3b-1c99b40f56a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	577	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc17d8ce-552e-4cce-9f3b-1c99b40f56a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	576	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=fc17d8ce-552e-4cce-9f3b-1c99b40f56a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	575	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16fd0cae-3350-4ea0-af82-ec3696126483 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ce0af32e-892b-48f3-baa2-ebb1f9a88660 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	574	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16fd0cae-3350-4ea0-af82-ec3696126483 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	573	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16fd0cae-3350-4ea0-af82-ec3696126483 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	572	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16fd0cae-3350-4ea0-af82-ec3696126483 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	571	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16fd0cae-3350-4ea0-af82-ec3696126483 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	570	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16fd0cae-3350-4ea0-af82-ec3696126483 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	569	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=16fd0cae-3350-4ea0-af82-ec3696126483 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	568	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fb348b2-4bd0-4769-9c37-e86e3d44825a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4d878417-97ba-4578-bbcf-c4cdeb0530a0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	567	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:25 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3cc96ac-7fc2-4997-ae9d-d4804f65155e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c4f0ea7a-0ff9-4dad-9d7a-a8633e387ed0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	566	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3cc96ac-7fc2-4997-ae9d-d4804f65155e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	565	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3cc96ac-7fc2-4997-ae9d-d4804f65155e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	564	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3cc96ac-7fc2-4997-ae9d-d4804f65155e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	563	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3cc96ac-7fc2-4997-ae9d-d4804f65155e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	562	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3cc96ac-7fc2-4997-ae9d-d4804f65155e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	561	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3cc96ac-7fc2-4997-ae9d-d4804f65155e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	560	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3cc96ac-7fc2-4997-ae9d-d4804f65155e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	559	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3cc96ac-7fc2-4997-ae9d-d4804f65155e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	558	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fb348b2-4bd0-4769-9c37-e86e3d44825a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4d878417-97ba-4578-bbcf-c4cdeb0530a0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	557	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fb348b2-4bd0-4769-9c37-e86e3d44825a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	556	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fb348b2-4bd0-4769-9c37-e86e3d44825a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	555	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fb348b2-4bd0-4769-9c37-e86e3d44825a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	554	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fb348b2-4bd0-4769-9c37-e86e3d44825a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	553	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fb348b2-4bd0-4769-9c37-e86e3d44825a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	552	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1fb348b2-4bd0-4769-9c37-e86e3d44825a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	551	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=340c5855-a0fd-4edf-aa4f-ec5d586bac1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=042a9b30-b627-4b18-b7dc-599de8520367 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	550	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3537205-1584-49ba-bb70-1eb7734cd7d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b1d2885c-b498-4e6c-a176-573ef9af5ffb PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	549	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3537205-1584-49ba-bb70-1eb7734cd7d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b1d2885c-b498-4e6c-a176-573ef9af5ffb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	548	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3537205-1584-49ba-bb70-1eb7734cd7d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	547	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3537205-1584-49ba-bb70-1eb7734cd7d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	546	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3537205-1584-49ba-bb70-1eb7734cd7d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	545	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3537205-1584-49ba-bb70-1eb7734cd7d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	544	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3537205-1584-49ba-bb70-1eb7734cd7d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	543	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3537205-1584-49ba-bb70-1eb7734cd7d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	542	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3537205-1584-49ba-bb70-1eb7734cd7d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	541	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a3537205-1584-49ba-bb70-1eb7734cd7d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	540	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=340c5855-a0fd-4edf-aa4f-ec5d586bac1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=042a9b30-b627-4b18-b7dc-599de8520367 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	539	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=340c5855-a0fd-4edf-aa4f-ec5d586bac1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	538	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=340c5855-a0fd-4edf-aa4f-ec5d586bac1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	537	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=340c5855-a0fd-4edf-aa4f-ec5d586bac1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	536	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=340c5855-a0fd-4edf-aa4f-ec5d586bac1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	535	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=340c5855-a0fd-4edf-aa4f-ec5d586bac1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	534	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=340c5855-a0fd-4edf-aa4f-ec5d586bac1b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	533	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:22 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8027c756-7888-4f47-aeb6-bcc33d7c2630 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1d345d1a-39db-41dd-b066-5a21cea6d7de PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	532	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cc2e93d1-6a32-4065-b562-ad8e31e31848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=672857d2-4e31-436a-8d34-779e648f7f3c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	531	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cc2e93d1-6a32-4065-b562-ad8e31e31848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	530	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cc2e93d1-6a32-4065-b562-ad8e31e31848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	529	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cc2e93d1-6a32-4065-b562-ad8e31e31848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	528	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cc2e93d1-6a32-4065-b562-ad8e31e31848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	527	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cc2e93d1-6a32-4065-b562-ad8e31e31848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	526	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cc2e93d1-6a32-4065-b562-ad8e31e31848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	525	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cc2e93d1-6a32-4065-b562-ad8e31e31848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	524	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cc2e93d1-6a32-4065-b562-ad8e31e31848 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	523	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8027c756-7888-4f47-aeb6-bcc33d7c2630 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1d345d1a-39db-41dd-b066-5a21cea6d7de PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	522	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8027c756-7888-4f47-aeb6-bcc33d7c2630 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	521	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8027c756-7888-4f47-aeb6-bcc33d7c2630 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	520	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8027c756-7888-4f47-aeb6-bcc33d7c2630 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	519	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8027c756-7888-4f47-aeb6-bcc33d7c2630 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	518	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8027c756-7888-4f47-aeb6-bcc33d7c2630 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	517	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8027c756-7888-4f47-aeb6-bcc33d7c2630 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	516	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8206943c-d223-4d6e-8c0f-22dd3a770b08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6f6cd10d-1784-4762-a271-b7b92a7056a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	515	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:19 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ab52213-bf56-448b-b1db-3c5774f7dfa0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e3415eb9-acdf-4ddc-88ac-525a93be6bea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	514	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ab52213-bf56-448b-b1db-3c5774f7dfa0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	513	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ab52213-bf56-448b-b1db-3c5774f7dfa0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	512	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ab52213-bf56-448b-b1db-3c5774f7dfa0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	511	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ab52213-bf56-448b-b1db-3c5774f7dfa0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	510	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ab52213-bf56-448b-b1db-3c5774f7dfa0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	509	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ab52213-bf56-448b-b1db-3c5774f7dfa0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	508	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ab52213-bf56-448b-b1db-3c5774f7dfa0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	507	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=4ab52213-bf56-448b-b1db-3c5774f7dfa0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	506	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8206943c-d223-4d6e-8c0f-22dd3a770b08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6f6cd10d-1784-4762-a271-b7b92a7056a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	505	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8206943c-d223-4d6e-8c0f-22dd3a770b08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	504	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8206943c-d223-4d6e-8c0f-22dd3a770b08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	503	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8206943c-d223-4d6e-8c0f-22dd3a770b08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	502	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8206943c-d223-4d6e-8c0f-22dd3a770b08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	501	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8206943c-d223-4d6e-8c0f-22dd3a770b08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	500	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8206943c-d223-4d6e-8c0f-22dd3a770b08 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	499	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:12 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=612692d9-b6a4-4616-bc2e-a41c62c4878d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=762a212c-7712-4165-83d0-515dc625c5a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	498	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:11 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a9182675-c709-40eb-98ec-e1f8a1d887a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=14ca4a5e-85e4-462c-8956-53a6e52b01e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	497	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a9182675-c709-40eb-98ec-e1f8a1d887a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	496	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a9182675-c709-40eb-98ec-e1f8a1d887a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	495	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a9182675-c709-40eb-98ec-e1f8a1d887a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	494	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a9182675-c709-40eb-98ec-e1f8a1d887a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	493	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a9182675-c709-40eb-98ec-e1f8a1d887a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	492	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a9182675-c709-40eb-98ec-e1f8a1d887a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	491	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a9182675-c709-40eb-98ec-e1f8a1d887a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	490	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=a9182675-c709-40eb-98ec-e1f8a1d887a8 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	489	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:10 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=612692d9-b6a4-4616-bc2e-a41c62c4878d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=762a212c-7712-4165-83d0-515dc625c5a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	488	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=612692d9-b6a4-4616-bc2e-a41c62c4878d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	487	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=612692d9-b6a4-4616-bc2e-a41c62c4878d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	486	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=612692d9-b6a4-4616-bc2e-a41c62c4878d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	485	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=612692d9-b6a4-4616-bc2e-a41c62c4878d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	484	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=612692d9-b6a4-4616-bc2e-a41c62c4878d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	483	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=612692d9-b6a4-4616-bc2e-a41c62c4878d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	482	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b9e7622-dc14-4c39-bf3f-08bb973c36cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=18b2ffa4-19e4-4794-962b-913a18822dff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	481	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:09 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=deb72f64-7984-47ae-9aac-6556e3e8ea91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=2118f2e4-3514-4cff-9148-3b4b598ca7ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	480	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=deb72f64-7984-47ae-9aac-6556e3e8ea91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	479	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=deb72f64-7984-47ae-9aac-6556e3e8ea91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	478	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=deb72f64-7984-47ae-9aac-6556e3e8ea91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	477	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=deb72f64-7984-47ae-9aac-6556e3e8ea91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	476	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=deb72f64-7984-47ae-9aac-6556e3e8ea91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	475	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=deb72f64-7984-47ae-9aac-6556e3e8ea91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	474	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=deb72f64-7984-47ae-9aac-6556e3e8ea91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	473	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=deb72f64-7984-47ae-9aac-6556e3e8ea91 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	472	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:08 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b9e7622-dc14-4c39-bf3f-08bb973c36cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=18b2ffa4-19e4-4794-962b-913a18822dff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	471	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b9e7622-dc14-4c39-bf3f-08bb973c36cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	470	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b9e7622-dc14-4c39-bf3f-08bb973c36cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	469	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b9e7622-dc14-4c39-bf3f-08bb973c36cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	468	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b9e7622-dc14-4c39-bf3f-08bb973c36cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	467	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b9e7622-dc14-4c39-bf3f-08bb973c36cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	466	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8b9e7622-dc14-4c39-bf3f-08bb973c36cf HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	465	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f9330160-2835-4ce6-8122-9d73b006af67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bdb7e4a7-318c-476d-a331-48359f1328e2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	464	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:07 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52511c44-7c7b-445c-9f37-fc853325bc51 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=c59b9ec9-fc90-4488-b5fa-ab9e77835ee3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	463	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52511c44-7c7b-445c-9f37-fc853325bc51 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	462	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52511c44-7c7b-445c-9f37-fc853325bc51 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	461	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52511c44-7c7b-445c-9f37-fc853325bc51 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	460	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52511c44-7c7b-445c-9f37-fc853325bc51 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	459	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52511c44-7c7b-445c-9f37-fc853325bc51 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	458	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52511c44-7c7b-445c-9f37-fc853325bc51 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	457	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52511c44-7c7b-445c-9f37-fc853325bc51 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	456	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=52511c44-7c7b-445c-9f37-fc853325bc51 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	455	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:06 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f9330160-2835-4ce6-8122-9d73b006af67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=bdb7e4a7-318c-476d-a331-48359f1328e2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	454	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f9330160-2835-4ce6-8122-9d73b006af67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	453	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f9330160-2835-4ce6-8122-9d73b006af67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	452	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f9330160-2835-4ce6-8122-9d73b006af67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	451	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f9330160-2835-4ce6-8122-9d73b006af67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	450	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f9330160-2835-4ce6-8122-9d73b006af67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	449	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f9330160-2835-4ce6-8122-9d73b006af67 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	448	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a277fe2-c294-4ab8-8bcb-66842781b24f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1799f941-f8a4-439d-b7d8-0c9fbbdb4ca2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	447	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:05 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=596e823c-90c5-4999-9978-6ab89962b052 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=7f69dcdf-d26c-449d-b8d2-a812fc42f666 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	446	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=596e823c-90c5-4999-9978-6ab89962b052 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	445	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=596e823c-90c5-4999-9978-6ab89962b052 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	444	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=596e823c-90c5-4999-9978-6ab89962b052 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	443	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=596e823c-90c5-4999-9978-6ab89962b052 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	442	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=596e823c-90c5-4999-9978-6ab89962b052 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	441	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=596e823c-90c5-4999-9978-6ab89962b052 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	440	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=596e823c-90c5-4999-9978-6ab89962b052 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	439	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=596e823c-90c5-4999-9978-6ab89962b052 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	438	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:02 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a277fe2-c294-4ab8-8bcb-66842781b24f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1799f941-f8a4-439d-b7d8-0c9fbbdb4ca2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	437	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a277fe2-c294-4ab8-8bcb-66842781b24f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	436	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a277fe2-c294-4ab8-8bcb-66842781b24f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	435	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a277fe2-c294-4ab8-8bcb-66842781b24f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	434	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a277fe2-c294-4ab8-8bcb-66842781b24f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	433	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a277fe2-c294-4ab8-8bcb-66842781b24f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	432	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8a277fe2-c294-4ab8-8bcb-66842781b24f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	431	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:01 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f963b64c-6a9c-4c3c-87c0-22513f3a5b89 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b266bb85-2349-4b3b-be13-be9d99a3ed7b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	430	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:56:00 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af500e79-4635-43f3-904a-09b3d83a381c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3490e18d-42ea-4d59-a8a4-aefe3c7f2642 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	429	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af500e79-4635-43f3-904a-09b3d83a381c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	428	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af500e79-4635-43f3-904a-09b3d83a381c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	427	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af500e79-4635-43f3-904a-09b3d83a381c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	426	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af500e79-4635-43f3-904a-09b3d83a381c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	425	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af500e79-4635-43f3-904a-09b3d83a381c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	424	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af500e79-4635-43f3-904a-09b3d83a381c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	423	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af500e79-4635-43f3-904a-09b3d83a381c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	422	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=af500e79-4635-43f3-904a-09b3d83a381c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	421	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f963b64c-6a9c-4c3c-87c0-22513f3a5b89 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b266bb85-2349-4b3b-be13-be9d99a3ed7b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	420	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f963b64c-6a9c-4c3c-87c0-22513f3a5b89 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	419	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f963b64c-6a9c-4c3c-87c0-22513f3a5b89 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	418	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f963b64c-6a9c-4c3c-87c0-22513f3a5b89 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	417	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f963b64c-6a9c-4c3c-87c0-22513f3a5b89 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	416	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f963b64c-6a9c-4c3c-87c0-22513f3a5b89 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	415	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f963b64c-6a9c-4c3c-87c0-22513f3a5b89 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	414	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:57 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e9d25aca-1b24-4558-b48a-c6fa6fb89d6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=22984dbf-6dd8-44b8-93a1-88a80d464a11 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	413	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf858100-3a04-4673-a867-57045aecdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6bc3299b-6306-4b3a-8e2f-6b395d396547 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	412	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf858100-3a04-4673-a867-57045aecdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=6bc3299b-6306-4b3a-8e2f-6b395d396547 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	411	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf858100-3a04-4673-a867-57045aecdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	410	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf858100-3a04-4673-a867-57045aecdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	409	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf858100-3a04-4673-a867-57045aecdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	408	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf858100-3a04-4673-a867-57045aecdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	407	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf858100-3a04-4673-a867-57045aecdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	406	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf858100-3a04-4673-a867-57045aecdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	405	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf858100-3a04-4673-a867-57045aecdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	404	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=cf858100-3a04-4673-a867-57045aecdba3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	403	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:56 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e9d25aca-1b24-4558-b48a-c6fa6fb89d6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=22984dbf-6dd8-44b8-93a1-88a80d464a11 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	402	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e9d25aca-1b24-4558-b48a-c6fa6fb89d6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	401	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e9d25aca-1b24-4558-b48a-c6fa6fb89d6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	400	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e9d25aca-1b24-4558-b48a-c6fa6fb89d6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	399	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e9d25aca-1b24-4558-b48a-c6fa6fb89d6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	398	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e9d25aca-1b24-4558-b48a-c6fa6fb89d6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	397	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=e9d25aca-1b24-4558-b48a-c6fa6fb89d6c HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	396	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d6b67930-ddaa-4654-ba99-881b2f13750e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4347604d-91ec-4fd0-a9ac-609a8415cf12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	395	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c650c27-6348-4d4e-9704-7e1359074a6d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3a9ba064-1577-4449-9684-224c37e38dcc PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	394	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:55 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c650c27-6348-4d4e-9704-7e1359074a6d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=3a9ba064-1577-4449-9684-224c37e38dcc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	393	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c650c27-6348-4d4e-9704-7e1359074a6d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	392	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c650c27-6348-4d4e-9704-7e1359074a6d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	391	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c650c27-6348-4d4e-9704-7e1359074a6d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	390	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c650c27-6348-4d4e-9704-7e1359074a6d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	389	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c650c27-6348-4d4e-9704-7e1359074a6d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	388	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c650c27-6348-4d4e-9704-7e1359074a6d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	387	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c650c27-6348-4d4e-9704-7e1359074a6d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	386	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=9c650c27-6348-4d4e-9704-7e1359074a6d HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	385	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d6b67930-ddaa-4654-ba99-881b2f13750e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=4347604d-91ec-4fd0-a9ac-609a8415cf12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	384	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d6b67930-ddaa-4654-ba99-881b2f13750e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	383	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d6b67930-ddaa-4654-ba99-881b2f13750e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	382	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d6b67930-ddaa-4654-ba99-881b2f13750e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	381	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d6b67930-ddaa-4654-ba99-881b2f13750e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	380	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d6b67930-ddaa-4654-ba99-881b2f13750e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	379	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=d6b67930-ddaa-4654-ba99-881b2f13750e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	378	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:54 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb1c6339-5ba6-4fdd-af6d-9ba342412393 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=339d53cd-6534-421b-a1ef-4554abaa40de PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	377	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=d435ffa7-7755-4f85-a9bf-4dcd6fb16fbc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=73fdeb6d-10e5-45fb-a6fb-b7402aead9d0 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	376	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d435ffa7-7755-4f85-a9bf-4dcd6fb16fbc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=73fdeb6d-10e5-45fb-a6fb-b7402aead9d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	375	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d435ffa7-7755-4f85-a9bf-4dcd6fb16fbc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	374	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d435ffa7-7755-4f85-a9bf-4dcd6fb16fbc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	373	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d435ffa7-7755-4f85-a9bf-4dcd6fb16fbc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	372	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d435ffa7-7755-4f85-a9bf-4dcd6fb16fbc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	371	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d435ffa7-7755-4f85-a9bf-4dcd6fb16fbc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	370	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d435ffa7-7755-4f85-a9bf-4dcd6fb16fbc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	369	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d435ffa7-7755-4f85-a9bf-4dcd6fb16fbc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	368	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=d435ffa7-7755-4f85-a9bf-4dcd6fb16fbc HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	367	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:53 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb1c6339-5ba6-4fdd-af6d-9ba342412393 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=339d53cd-6534-421b-a1ef-4554abaa40de PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	366	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb1c6339-5ba6-4fdd-af6d-9ba342412393 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	365	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb1c6339-5ba6-4fdd-af6d-9ba342412393 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	364	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb1c6339-5ba6-4fdd-af6d-9ba342412393 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	363	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb1c6339-5ba6-4fdd-af6d-9ba342412393 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	362	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb1c6339-5ba6-4fdd-af6d-9ba342412393 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	361	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=cb1c6339-5ba6-4fdd-af6d-9ba342412393 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	360	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a36c005-28a1-4046-b574-ce2bf35359b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fd887c77-73fa-41ae-9e9e-ad3592191da1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	359	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a4e5b5-72f6-4bf5-8790-981a8d0062da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=16597f20-c45e-4968-b473-7c032a0657d6 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	358	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a4e5b5-72f6-4bf5-8790-981a8d0062da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=16597f20-c45e-4968-b473-7c032a0657d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	357	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a4e5b5-72f6-4bf5-8790-981a8d0062da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	356	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a4e5b5-72f6-4bf5-8790-981a8d0062da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	355	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a4e5b5-72f6-4bf5-8790-981a8d0062da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	354	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a4e5b5-72f6-4bf5-8790-981a8d0062da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	353	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a4e5b5-72f6-4bf5-8790-981a8d0062da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	352	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a4e5b5-72f6-4bf5-8790-981a8d0062da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	351	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a4e5b5-72f6-4bf5-8790-981a8d0062da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	350	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=57a4e5b5-72f6-4bf5-8790-981a8d0062da HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	349	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:52 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a36c005-28a1-4046-b574-ce2bf35359b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=fd887c77-73fa-41ae-9e9e-ad3592191da1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	348	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a36c005-28a1-4046-b574-ce2bf35359b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	347	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a36c005-28a1-4046-b574-ce2bf35359b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	346	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a36c005-28a1-4046-b574-ce2bf35359b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	345	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a36c005-28a1-4046-b574-ce2bf35359b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	344	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a36c005-28a1-4046-b574-ce2bf35359b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	343	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a36c005-28a1-4046-b574-ce2bf35359b2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	342	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a03303f7-b5fe-4dc3-95f4-96357d41d232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=73359b79-9988-431d-845a-e5812b5ab7a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	341	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=f853be94-69cf-4061-b275-ddd8de0d88e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8b047521-767a-42a1-9773-4158bdbe3941 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	340	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f853be94-69cf-4061-b275-ddd8de0d88e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8b047521-767a-42a1-9773-4158bdbe3941 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	339	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f853be94-69cf-4061-b275-ddd8de0d88e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	338	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f853be94-69cf-4061-b275-ddd8de0d88e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	337	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f853be94-69cf-4061-b275-ddd8de0d88e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	336	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f853be94-69cf-4061-b275-ddd8de0d88e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	335	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f853be94-69cf-4061-b275-ddd8de0d88e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	334	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f853be94-69cf-4061-b275-ddd8de0d88e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	333	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f853be94-69cf-4061-b275-ddd8de0d88e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	332	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f853be94-69cf-4061-b275-ddd8de0d88e1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	331	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:51 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a03303f7-b5fe-4dc3-95f4-96357d41d232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=73359b79-9988-431d-845a-e5812b5ab7a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	330	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a03303f7-b5fe-4dc3-95f4-96357d41d232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	329	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a03303f7-b5fe-4dc3-95f4-96357d41d232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	328	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a03303f7-b5fe-4dc3-95f4-96357d41d232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	327	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a03303f7-b5fe-4dc3-95f4-96357d41d232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	326	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a03303f7-b5fe-4dc3-95f4-96357d41d232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	325	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a03303f7-b5fe-4dc3-95f4-96357d41d232 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	324	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd4faebf-5a55-448a-b590-fae393571e49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d8d0acb8-c416-43dc-b73d-c1c32ef09e8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	323	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=8b2b38c0-ff29-441d-8635-752452058302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f9ebc4ef-f353-428b-84cc-f73b1989ea9e PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	322	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:50 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8b2b38c0-ff29-441d-8635-752452058302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f9ebc4ef-f353-428b-84cc-f73b1989ea9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	321	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8b2b38c0-ff29-441d-8635-752452058302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	320	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8b2b38c0-ff29-441d-8635-752452058302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	319	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8b2b38c0-ff29-441d-8635-752452058302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	318	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8b2b38c0-ff29-441d-8635-752452058302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	317	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8b2b38c0-ff29-441d-8635-752452058302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	316	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8b2b38c0-ff29-441d-8635-752452058302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	315	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8b2b38c0-ff29-441d-8635-752452058302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	314	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=8b2b38c0-ff29-441d-8635-752452058302 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	313	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd4faebf-5a55-448a-b590-fae393571e49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d8d0acb8-c416-43dc-b73d-c1c32ef09e8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	312	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd4faebf-5a55-448a-b590-fae393571e49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	311	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd4faebf-5a55-448a-b590-fae393571e49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	310	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd4faebf-5a55-448a-b590-fae393571e49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	309	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd4faebf-5a55-448a-b590-fae393571e49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	308	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd4faebf-5a55-448a-b590-fae393571e49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	307	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fd4faebf-5a55-448a-b590-fae393571e49 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	306	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:49 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad8a47b4-003d-47b3-a700-0419c6fd32d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f969910b-b978-4a67-8e4a-86c48380a252 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	305	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce09e28-23e7-4c49-9a03-8802048c1701 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1db10f1a-42c5-4445-b67e-8675057b0abe PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	304	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce09e28-23e7-4c49-9a03-8802048c1701 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1db10f1a-42c5-4445-b67e-8675057b0abe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	303	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce09e28-23e7-4c49-9a03-8802048c1701 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	302	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce09e28-23e7-4c49-9a03-8802048c1701 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	301	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce09e28-23e7-4c49-9a03-8802048c1701 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	300	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce09e28-23e7-4c49-9a03-8802048c1701 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	299	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce09e28-23e7-4c49-9a03-8802048c1701 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	298	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce09e28-23e7-4c49-9a03-8802048c1701 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	297	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce09e28-23e7-4c49-9a03-8802048c1701 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	296	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=bce09e28-23e7-4c49-9a03-8802048c1701 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	295	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad8a47b4-003d-47b3-a700-0419c6fd32d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f969910b-b978-4a67-8e4a-86c48380a252 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	294	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad8a47b4-003d-47b3-a700-0419c6fd32d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	293	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad8a47b4-003d-47b3-a700-0419c6fd32d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	292	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad8a47b4-003d-47b3-a700-0419c6fd32d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	291	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad8a47b4-003d-47b3-a700-0419c6fd32d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	290	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad8a47b4-003d-47b3-a700-0419c6fd32d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	289	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ad8a47b4-003d-47b3-a700-0419c6fd32d2 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	288	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6973fc5-17eb-414a-9fb1-8127ab664816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e671f101-5a28-4a39-bdc0-2a923884ab9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	287	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=f46993a9-b282-402e-8d6f-7c36eb827d7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d602a37f-8d83-43bf-987a-fc1aead8b9ca PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	286	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f46993a9-b282-402e-8d6f-7c36eb827d7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=d602a37f-8d83-43bf-987a-fc1aead8b9ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	285	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f46993a9-b282-402e-8d6f-7c36eb827d7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	284	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f46993a9-b282-402e-8d6f-7c36eb827d7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	283	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f46993a9-b282-402e-8d6f-7c36eb827d7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	282	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f46993a9-b282-402e-8d6f-7c36eb827d7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	281	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f46993a9-b282-402e-8d6f-7c36eb827d7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	280	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f46993a9-b282-402e-8d6f-7c36eb827d7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	279	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f46993a9-b282-402e-8d6f-7c36eb827d7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	278	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f46993a9-b282-402e-8d6f-7c36eb827d7a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	277	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:47 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6973fc5-17eb-414a-9fb1-8127ab664816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e671f101-5a28-4a39-bdc0-2a923884ab9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	276	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6973fc5-17eb-414a-9fb1-8127ab664816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	275	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6973fc5-17eb-414a-9fb1-8127ab664816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	274	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6973fc5-17eb-414a-9fb1-8127ab664816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	273	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6973fc5-17eb-414a-9fb1-8127ab664816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	272	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6973fc5-17eb-414a-9fb1-8127ab664816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	271	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=f6973fc5-17eb-414a-9fb1-8127ab664816 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	270	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b764957-f931-4c88-a719-3808aa174fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ccbbd2fe-dd2a-4d5a-b5b9-71b8b9281ba0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	269	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=ad14dd8e-6531-40e2-9a66-dfcab7d3ed5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b1b1a699-94fe-4119-bf34-023d38c50444 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	268	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:46 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ad14dd8e-6531-40e2-9a66-dfcab7d3ed5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b1b1a699-94fe-4119-bf34-023d38c50444 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	267	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ad14dd8e-6531-40e2-9a66-dfcab7d3ed5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	266	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ad14dd8e-6531-40e2-9a66-dfcab7d3ed5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	265	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ad14dd8e-6531-40e2-9a66-dfcab7d3ed5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	264	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ad14dd8e-6531-40e2-9a66-dfcab7d3ed5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	263	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ad14dd8e-6531-40e2-9a66-dfcab7d3ed5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	262	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ad14dd8e-6531-40e2-9a66-dfcab7d3ed5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	261	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ad14dd8e-6531-40e2-9a66-dfcab7d3ed5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	260	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=ad14dd8e-6531-40e2-9a66-dfcab7d3ed5a HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	259	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b764957-f931-4c88-a719-3808aa174fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=ccbbd2fe-dd2a-4d5a-b5b9-71b8b9281ba0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	258	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b764957-f931-4c88-a719-3808aa174fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	257	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b764957-f931-4c88-a719-3808aa174fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	256	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b764957-f931-4c88-a719-3808aa174fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	255	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b764957-f931-4c88-a719-3808aa174fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	254	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b764957-f931-4c88-a719-3808aa174fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	253	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b764957-f931-4c88-a719-3808aa174fb3 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	252	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a15335da-1489-49f1-974e-41f160d3bb8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f1be35ba-9ab4-43b7-a796-b1f9d06734cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	251	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=217fa39f-cb91-4237-a701-5956eec68e26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=df4f9a70-d9b2-4c9b-9b89-996bbaa563c4 PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	250	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:45 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=217fa39f-cb91-4237-a701-5956eec68e26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=df4f9a70-d9b2-4c9b-9b89-996bbaa563c4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	249	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=217fa39f-cb91-4237-a701-5956eec68e26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	248	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=217fa39f-cb91-4237-a701-5956eec68e26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	247	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=217fa39f-cb91-4237-a701-5956eec68e26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	246	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=217fa39f-cb91-4237-a701-5956eec68e26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	245	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=217fa39f-cb91-4237-a701-5956eec68e26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	244	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=217fa39f-cb91-4237-a701-5956eec68e26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	243	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=217fa39f-cb91-4237-a701-5956eec68e26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	242	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=217fa39f-cb91-4237-a701-5956eec68e26 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	241	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a15335da-1489-49f1-974e-41f160d3bb8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=f1be35ba-9ab4-43b7-a796-b1f9d06734cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	240	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a15335da-1489-49f1-974e-41f160d3bb8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	239	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a15335da-1489-49f1-974e-41f160d3bb8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	238	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a15335da-1489-49f1-974e-41f160d3bb8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	237	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a15335da-1489-49f1-974e-41f160d3bb8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	236	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a15335da-1489-49f1-974e-41f160d3bb8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	235	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a15335da-1489-49f1-974e-41f160d3bb8e HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	234	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:44 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdfef832-5aab-414f-ac47-17666a833b4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8b2733aa-2239-4d35-8631-462017ca2190 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	233	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e3088c4-82b1-4301-b480-567d7bad8d42 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=34b75507-545d-43cb-abd7-7dd273d118bd PipelineId=5 ScriptName= CommandLine=Add-Type -TypeDefinition $symlink_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }"	800		0	4	8		36028797018963968	232	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e3088c4-82b1-4301-b480-567d7bad8d42 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=34b75507-545d-43cb-abd7-7dd273d118bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	231	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e3088c4-82b1-4301-b480-567d7bad8d42 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	230	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e3088c4-82b1-4301-b480-567d7bad8d42 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	229	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e3088c4-82b1-4301-b480-567d7bad8d42 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	228	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e3088c4-82b1-4301-b480-567d7bad8d42 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	227	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e3088c4-82b1-4301-b480-567d7bad8d42 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	226	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e3088c4-82b1-4301-b480-567d7bad8d42 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	225	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e3088c4-82b1-4301-b480-567d7bad8d42 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	224	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=5e3088c4-82b1-4301-b480-567d7bad8d42 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	223	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:43 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdfef832-5aab-414f-ac47-17666a833b4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=8b2733aa-2239-4d35-8631-462017ca2190 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	222	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdfef832-5aab-414f-ac47-17666a833b4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	221	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdfef832-5aab-414f-ac47-17666a833b4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	220	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdfef832-5aab-414f-ac47-17666a833b4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	219	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdfef832-5aab-414f-ac47-17666a833b4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	218	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdfef832-5aab-414f-ac47-17666a833b4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	217	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=bdfef832-5aab-414f-ac47-17666a833b4b HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	216	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=35 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=626be331-3ad1-4391-a559-d9b86a4228c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5191b469-fd40-4ce6-a287-9e4e3e48753b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	215	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:42 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c833636b-3371-4751-81ab-f460c3695d95 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion=5.1.14393.1944 RunspaceId=7136e4a5-b562-4dbe-852c-c0265c413c99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	214	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c833636b-3371-4751-81ab-f460c3695d95 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion=5.1.14393.1944 RunspaceId=7136e4a5-b562-4dbe-852c-c0265c413c99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	213	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c833636b-3371-4751-81ab-f460c3695d95 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	212	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c833636b-3371-4751-81ab-f460c3695d95 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	211	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c833636b-3371-4751-81ab-f460c3695d95 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	210	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c833636b-3371-4751-81ab-f460c3695d95 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	209	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c833636b-3371-4751-81ab-f460c3695d95 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	208	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c833636b-3371-4751-81ab-f460c3695d95 HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA== EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	207	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $process_util . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=112ab687-79ca-4663-bba4-d63ca234ec31 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e970f315-d227-4958-b5bd-b80878f98c2a PipelineId=7 ScriptName= CommandLine= Add-Type -TypeDefinition $process_util Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }"	800		0	4	8		36028797018963968	206	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:41 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=112ab687-79ca-4663-bba4-d63ca234ec31 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=e970f315-d227-4958-b5bd-b80878f98c2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	205	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=112ab687-79ca-4663-bba4-d63ca234ec31 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	204	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=112ab687-79ca-4663-bba4-d63ca234ec31 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	203	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=112ab687-79ca-4663-bba4-d63ca234ec31 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	202	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=112ab687-79ca-4663-bba4-d63ca234ec31 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	201	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=112ab687-79ca-4663-bba4-d63ca234ec31 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	200	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=112ab687-79ca-4663-bba4-d63ca234ec31 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	199	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=112ab687-79ca-4663-bba4-d63ca234ec31 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	198	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=112ab687-79ca-4663-bba4-d63ca234ec31 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	197	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:40 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=626be331-3ad1-4391-a559-d9b86a4228c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=5191b469-fd40-4ce6-a287-9e4e3e48753b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	196	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=626be331-3ad1-4391-a559-d9b86a4228c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	195	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=626be331-3ad1-4391-a559-d9b86a4228c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	194	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=626be331-3ad1-4391-a559-d9b86a4228c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	193	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=626be331-3ad1-4391-a559-d9b86a4228c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	192	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=626be331-3ad1-4391-a559-d9b86a4228c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	191	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=626be331-3ad1-4391-a559-d9b86a4228c0 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	190	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:39 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=36 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1de53457-8c74-4d8e-aeeb-c43b0c43688f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=482521bb-9209-4c4e-b1e0-139ed242fde0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	189	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=34 UserId=HV-CINDER-80943\Admin HostName=Default Host HostVersion=5.1.14393.1944 HostId=21593b8c-2c65-4721-a4de-272183111897 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1ad43b0b-37c7-4a49-8a4f-47daf026532e PipelineId=5 ScriptName= CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"	800		0	4	8		36028797018963968	188	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=21593b8c-2c65-4721-a4de-272183111897 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=1ad43b0b-37c7-4a49-8a4f-47daf026532e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	187	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=21593b8c-2c65-4721-a4de-272183111897 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	186	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=21593b8c-2c65-4721-a4de-272183111897 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	185	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=21593b8c-2c65-4721-a4de-272183111897 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	184	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=21593b8c-2c65-4721-a4de-272183111897 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	183	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=21593b8c-2c65-4721-a4de-272183111897 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	182	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=21593b8c-2c65-4721-a4de-272183111897 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	181	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=21593b8c-2c65-4721-a4de-272183111897 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	180	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=21593b8c-2c65-4721-a4de-272183111897 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	179	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:24 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1de53457-8c74-4d8e-aeeb-c43b0c43688f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=482521bb-9209-4c4e-b1e0-139ed242fde0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	178	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1de53457-8c74-4d8e-aeeb-c43b0c43688f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	177	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1de53457-8c74-4d8e-aeeb-c43b0c43688f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	176	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1de53457-8c74-4d8e-aeeb-c43b0c43688f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	175	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1de53457-8c74-4d8e-aeeb-c43b0c43688f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	174	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1de53457-8c74-4d8e-aeeb-c43b0c43688f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	173	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=1de53457-8c74-4d8e-aeeb-c43b0c43688f HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	172	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=33 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52269c86-9084-46f1-b4c5-e302171aa0b1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40cd370f-d97d-46a2-9f61-32caf583cd87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	171	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:18 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=31 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becd73ba-23b0-4781-bda4-fec4aa3ba545 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=b04e04a6-9dfa-461d-be26-c852892d5739 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	170	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=29 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becd73ba-23b0-4781-bda4-fec4aa3ba545 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	169	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=27 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becd73ba-23b0-4781-bda4-fec4aa3ba545 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	168	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=25 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becd73ba-23b0-4781-bda4-fec4aa3ba545 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	167	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=23 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becd73ba-23b0-4781-bda4-fec4aa3ba545 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	166	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=21 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becd73ba-23b0-4781-bda4-fec4aa3ba545 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	165	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=19 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becd73ba-23b0-4781-bda4-fec4aa3ba545 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	164	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becd73ba-23b0-4781-bda4-fec4aa3ba545 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	163	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=becd73ba-23b0-4781-bda4-fec4aa3ba545 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	162	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52269c86-9084-46f1-b4c5-e302171aa0b1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion=5.1.14393.1944 RunspaceId=40cd370f-d97d-46a2-9f61-32caf583cd87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	161	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52269c86-9084-46f1-b4c5-e302171aa0b1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	160	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52269c86-9084-46f1-b4c5-e302171aa0b1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	159	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52269c86-9084-46f1-b4c5-e302171aa0b1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	158	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52269c86-9084-46f1-b4c5-e302171aa0b1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	157	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52269c86-9084-46f1-b4c5-e302171aa0b1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	156	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=52269c86-9084-46f1-b4c5-e302171aa0b1 HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	155	PowerShell		Windows PowerShell			hv-cinder-80943		9/16/2021 4:55:14 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=17 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion=5.1.14393.1944 RunspaceId=7daab07d-0651-4522-8638-68cfa15aacea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	154	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "WSMan" is Started. Details: ProviderName=WSMan NewProviderState=Started SequenceNumber=15 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	153	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Certificate" is Started. Details: ProviderName=Certificate NewProviderState=Started SequenceNumber=13 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	152	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	151	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	150	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	149	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	148	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	147	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=Default Host HostVersion=5.1.14393.1944 HostId=f12a398c-107d-4e0f-819a-ffc53bc92407 HostApplication=C:\windows\system32\ServerManager.exe -arw EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	146	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:43:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=5.1.14393.1944 RunspaceId=aec94911-82d5-4605-ada7-e49055ea6007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	145	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	144	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	143	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	142	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	141	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	140	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	139	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:41:47 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=5.1.14393.1944 RunspaceId=8db922f0-0511-49c4-b38a-fbdb0b2889c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	138	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	137	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	136	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	135	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	134	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	133	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	132	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:27:28 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=5.1.14393.1944 RunspaceId=f313b4cd-0f39-498d-9ea1-7d6a0388a78e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	131	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	130	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	129	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	128	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	127	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	126	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a2011431-ed26-493a-9d87-2110cadf0708 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	125	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:23:42 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=5.1.14393.1944 RunspaceId=36a249c5-de3e-419e-a7df-98ad369b2d9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	124	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	123	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	122	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	121	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	120	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	119	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	118	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:19:21 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=19 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	117	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 9:11:43 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0 PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	116	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:07 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	115	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:06 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	114	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	113	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	112	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	111	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	110	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=472903c4-35b3-4c83-9276-711692bf7dcf HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	109	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	108	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:05 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	107	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	106	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	105	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	104	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	103	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	102	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	101	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:55:03 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=17 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	100	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:54:38 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8 PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	99	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:16 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	98	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	97	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	96	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	95	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	94	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	93	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	92	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:14 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	91	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	90	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:11 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	89	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	88	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	87	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	86	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	85	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	84	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:51:10 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=17 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	83	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:45:55 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	82	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:16 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	81	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	80	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	79	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	78	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	77	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	76	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	75	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	74	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:15 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	73	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	72	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	71	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	70	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	69	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	68	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	67	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/19/2018 8:24:13 AM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	66	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	65	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	64	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	63	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	62	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	61	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	60	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=3b12ced5-170e-4ade-ada5-d47a03367310 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	59	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:21 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6 PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	58	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:20 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	57	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	56	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	55	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	54	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	53	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	52	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	51	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:07:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=17 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	50	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 6:02:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41 PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	49	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.1944 RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	48	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	47	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	46	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	45	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	44	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	43	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=4c0ae675-b105-412a-be64-2005b0dcac13 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	42	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:28 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5 PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	41	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:26 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.1944 RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	40	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	39	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	38	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	37	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	36	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	35	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.1944 HostId=b2985717-76be-43ef-9b0a-41db65a781f6 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	34	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:43:23 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=17 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.0 RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	33	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:35:48 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.0 RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b PipelineId=1 ScriptName= CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"	800		0	4	8		36028797018963968	32	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion=5.1.14393.0 RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	31	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	30	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	29	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	28	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	27	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	26	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=db882125-c9ba-4a77-b198-18055547ec63 HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	25	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=WIN-5T344G8GM1H\Administrator HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.0 RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3 PipelineId=1 ScriptName=C:\UnattendResources\ini.psm1 CommandLine=Add-Type -TypeDefinition $Source -Language CSharp Details: CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp"	800		0	4	8		36028797018963968	24	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:31 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Pipeline Execution Details	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion=5.1.14393.0 RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	23	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	22	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	21	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	20	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	19	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	18	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	17	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:30 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion=5.1.14393.0 RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	16	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:17 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion=5.1.14393.0 RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	15	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:16 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	14	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	13	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	12	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	11	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	10	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	9	PowerShell		Windows PowerShell			WIN-5T344G8GM1H		1/16/2018 5:02:15 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from Available to Stopped. Details: NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion=5.1.14393.0 RunspaceId=16e771eb-c367-43f8-b362-2bd303750968 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	403		0	4	4		36028797018963968	8	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:37 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion=5.1.14393.0 RunspaceId=16e771eb-c367-43f8-b362-2bd303750968 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	400		0	4	4		36028797018963968	7	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:36 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Engine Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Variable" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	6	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Function" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	5	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "FileSystem" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	4	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Environment" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	3	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Alias" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	2	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Provider "Registry" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.14393.0 HostId=2fd1a573-9000-4aa5-8a71-3f725488857f HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=	600		0	4	6		36028797018963968	1	PowerShell		Windows PowerShell			WIN-PD8DQPRRTAO		1/16/2018 5:01:35 PM			windows powershell	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Provider Lifecycle	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]